Author: anarcat
Date: 2017-10-30 18:46:07 +0000 (Mon, 30 Oct 2017)
New Revision: 57136
Modified: data/CVE/list data/dla-needed.txt Log: no version of puppet in debian is affected by CVE-2016-5714 agent 1.3.6 is puppet 4.3.2 and 1.7.1 is 4.7.0, so no version is vulnerable Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-10-30 14:06:32 UTC (rev 57135) +++ data/CVE/list 2017-10-30 18:46:07 UTC (rev 57136) @@ -59048,8 +59048,13 @@ CVE-2016-5715 (Open redirect vulnerability in the Console in Puppet Enterprise 2015.x ...) - puppet <not-affected> (Limited to Puppet Enterprise) CVE-2016-5714 (Puppet Enterprise 2015.3.3 and 2016.x before 2016.4.0, and Puppet ...) - - puppet <unfixed> - TODO: check + - puppet 4.8.0-1 + [wheezy] - puppet <not-affected> (Vulnerable code introduced later) + [jessie] - puppet <not-affected> (Vulnerable code introduced later) + NOTE: https://puppet.com/security/cve/pxp-agent-oct-2016 + NOTE: triaged away in Ubuntu: "Default configurations of FOSS Puppet Agent are not vulnerable." + NOTE: gentoo released a fix: https://security.gentoo.org/glsa/201710-12 + NOTE: rosetta stone for puppet version numbers: https://puppet.com/docs/puppet/4.10/about_agent.html CVE-2016-5713 RESERVED CVE-2016-5712 Modified: data/dla-needed.txt =================================================================== --- data/dla-needed.txt 2017-10-30 14:06:32 UTC (rev 57135) +++ data/dla-needed.txt 2017-10-30 18:46:07 UTC (rev 57136) @@ -93,8 +93,6 @@ NOTE: drawForm is doForm1 in wheezy NOTE: exploit does not loop but code looks affected -- -puppet --- python-werkzeug (Thorsten Alteholz) -- quagga (Hugo Lefeuvre) _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
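Review bot: In the data/CVE/list hunk, the CVE-2016-5714 entry gives `- puppet 4.8.0-1` as the fixed version, but nothing in the entry says how that version was derived. The log states that no version of puppet in Debian is affected and maps agent 1.3.6 to puppet 4.3.2 and agent 1.7.1 to puppet 4.7.0, yet that mapping lives only in the commit message. Suggest adding a NOTE line that carries the agent-to-puppet version mapping into the tracker entry. The "rosetta stone" URL alone leaves the next reader to redo the lookup, and the basis for the "Vulnerable code introduced later" tags on wheezy and jessie is otherwise not recorded alongside them.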