UbuntuUpdates.org

Package "vim-puppet"

Name: vim-puppet

Description:

syntax highlighting for puppet manifests in vim
Latest version: 2.7.11-1ubuntu2
Release: precise (12.04)
Level: base
Repository: universe
Head package: puppet
Homepage: http://projects.puppetlabs.com/projects/puppet

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "vim-puppet"

All arch deb package
APT INSTALL

Other versions of "vim-puppet" in Precise

Repository Area Version
security universe 2.7.11-1ubuntu2.7
updates universe 2.7.11-1ubuntu2.7
PPA: Puppet repo 3.8.7-1puppetlabs1

Changelog

Version: 2.7.11-1ubuntu2 2012-04-11 16:07:08 UTC

puppet (2.7.11-1ubuntu2) precise; urgency=low

  * SECURITY UPDATE: Arbitrary file writes via predictable filename usage in
    appdmg and pkgdmg providers (LP: #978708)
    - debian/patches/CVE-2012-1906_CVE-2012-1986_to_CVE-2012-1989.patch
    - CVE-2012-1906
  * SECURITY UPDATE: Arbitrary file reads via Filebucket REST requests
    - debian/patches/CVE-2012-1906_CVE-2012-1986_to_CVE-2012-1989.patch
    - CVE-2012-1986
  * SECURITY UPDATE: Denial of service via Filebucket text/marshall support
    - debian/patches/CVE-2012-1906_CVE-2012-1986_to_CVE-2012-1989.patch
    - CVE-2012-1987
  * SECURITY UPDATE: Arbitrary code execution via Filebucket requests
    - debian/patches/CVE-2012-1906_CVE-2012-1986_to_CVE-2012-1989.patch
    - CVE-2012-1988
  * SECURITY UPDATE: Arbritrary file writes via predictable telnet output log
    filename
    - debian/patches/CVE-2012-1906_CVE-2012-1986_to_CVE-2012-1989.patch
    - CVE-2012-1989
  * debian/patches/puppet-12844: Re-fetch the patch from upstream since some
    missing pieces cause 'rake spec' to abort immediately

 -- Tyler Hicks Wed, 11 Apr 2012 03:55:10 -0500
Source diff to previous version
978708 [Precise] puppet is vulnerable to CVE-2012-1906 and...

Version: 2.7.11-1ubuntu1 2012-03-16 20:03:10 UTC

puppet (2.7.11-1ubuntu1) precise; urgency=low

  [ Marc Cluet ]
  * debian/patches/puppet-12844: Cherry picked patch from upstream
    2.7.12 to revert new agent lockfile behaviour as it breaks upgrades
    from versions < 2.7.10. This feature has been pushed out to
    puppet 3.x by upstream.
  * debian/puppetmaster-passenger.postinst (LP: #948983)
    - Fixed rack directory location
    - Added proper enabling of apache2 headers mod
  * debian/puppetmaster-passenger.postinst (LP: #950183)
    - Make sure we error if puppet config print doesn't work

  [ James Page ]
  * debian/puppetmaster-passenger.postinst:
    - Ensure upgrades from <= 2.7.11-1 fixup passenger apache
      configuration.

 -- Marc Cluet Fri, 16 Mar 2012 15:36:35 +0000
948983 puppetmaster-passenger default vhost has wrong docu...
950183 puppetmaster-passenger postinst creates wrong certi...

Version: *DELETED* 2012-03-06 11:35:17 UTC
No changelog for deleted or moved packages.

Version: 2.7.11-1 2012-03-03 10:05:00 UTC

puppet (2.7.11-1) unstable; urgency=high

  * New upstream release
  * Urgency set to high due to regressions in previous release
    and security vulnerabilities
  * Execs when run with a user specified, but no group, get the root
    group. Similarly unexpected privileges are given to providers and
    types (egid remains as root), this is fixed with a patch from
    upstream (CVE-2012-1053)
  * Fix Klogin write through symlink (CVE-2012-1054)

 -- Micah Anderson Thu, 23 Feb 2012 18:24:48 -0500
Source diff to previous version
CVE-2012-1053 RESERVED
CVE-2012-1054 RESERVED

Version: 2.7.10-1ubuntu1 2012-02-14 13:05:10 UTC

puppet (2.7.10-1ubuntu1) precise; urgency=low

  * Use maintscript support in dh_installdeb rather than writing out
    dpkg-maintscript-helper commands by hand. We now simply Pre-Depend on a
    new enough version of dpkg rather than using 'dpkg-maintscript-helper
    supports' guards, leading to more predictable behaviour on upgrades.

 -- Colin Watson Tue, 14 Feb 2012 11:08:59 +0000


About   -   Send Feedback to @ubuntu_updates