Source: puppet
Version: 5.1.0-1
Severity: important
Tags: security upstream
Forwarded: https://tickets.puppetlabs.com/browse/PUP-8225

Hi,

the following vulnerability was published for puppet.

CVE-2017-10690[0]:
| In previous versions of Puppet Agent it was possible for the agent to
| retrieve facts from an environment that it was not classified to
| retrieve from. This was resolved in Puppet Agent 5.3.4, included in
| Puppet Enterprise 2017.3.4

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-10690
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10690
[1] https://tickets.puppetlabs.com/browse/PUP-8225

Please adjust the affected versions in the BTS as needed. According to
the upstream bug, the issue might as well be present in 4.x versions but
was masked prior to 4.10.5. Is this the correct interpretation?

Regards,
Salvatore