Your message dated Wed, 31 May 2017 01:02:10 +0000
with message-id <e1dfs1a-000cl3...@fasolo.debian.org>
and subject line Bug#863212: fixed in puppet 3.7.2-4+deb8u1
has caused the Debian Bug report #863212,
regarding puppet: CVE-2017-2295: unsafe YAML deserialization
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
863212: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863212
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: puppet
Version: 3.7.2-1
Severity: grave
Tags: upstream security patch
Hi,
the following vulnerability was published for puppet.
CVE-2017-2295[0]:
Unsafe YAML deserialization
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-2295
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2295
[1] https://puppet.com/security/cve/cve-2017-2295
[2] https://github.com/puppetlabs/puppet/commit/06d8c51367ca932b9da5d9b01958cfc0adf0f2ea
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: puppet
Source-Version: 3.7.2-4+deb8u1
We believe that the bug you reported is fixed in the latest version of
puppet, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 863...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Apollon Oikonomopoulos <apoi...@debian.org> (supplier of updated puppet package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Tue, 23 May 2017 23:35:37 +0300
Source: puppet
Binary: puppet-common puppet puppetmaster-common puppetmaster puppetmaster-passenger vim-puppet puppet-el puppet-testsuite
Architecture: source all
Version: 3.7.2-4+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Puppet Package Maintainers <pkg-puppet-de...@lists.alioth.debian.org>
Changed-By: Apollon Oikonomopoulos <apoi...@debian.org>
Description:
puppet - configuration management system, agent
puppet-common - configuration management system
puppet-el - syntax highlighting for puppet manifests in emacs
puppet-testsuite - configuration management system, development test suite
puppetmaster - configuration management system, master service
puppetmaster-common - configuration management system, master common files
puppetmaster-passenger - configuration management system, scalable master service
vim-puppet - syntax highlighting for puppet manifests in vim
Closes: 863212
Changes:
puppet (3.7.2-4+deb8u1) jessie-security; urgency=high
.
  * master: accept facts only in PSON format (CVE-2017-2295). Note that the
    fix for CVE-2017-2295 unfortunately breaks backward compatibility with
    agent versions prior to 3.2.2. (Closes: #863212)
    + Document compatibility issues in d/NEWS.
  * Add myself to Uploaders.
--- End Message ---