This bug was fixed in the package puppet - 2.7.11-1ubuntu2
---
puppet (2.7.11-1ubuntu2) precise; urgency=low
* SECURITY UPDATE: Arbitrary file writes via predictable filename usage in
appdmg and pkgdmg providers (LP: #978708)
- debian/patches/CVE-2012-1906_CVE-2012-1986_to_C
ACK on the debdiff, uploaded to Precise.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to puppet in Ubuntu.
https://bugs.launchpad.net/bugs/978708
Title:
[Precise] puppet is vulnerable to CVE-2012-1906 and CVE-2012-1986
through CVE-
The diff between the output of 'cd /usr/share/puppet-testsuite && rake
spec unit' ran under puppet-2.7.11-1ubuntu1 and puppet-2.7.11-1ubuntu2
(which is simply the debdiff attached above applied).
Note that there are many false positives from failed Windows tests. I'm
not sure why these tests are b