PublicDateAtUSN: 2013-03-12 18:00:00 UTC
Candidate: CVE-2013-2275
CRD: 2013-03-12 18:00:00 UTC
PublicDate: 2013-03-20 16:55:00 UTC
References: 
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2275
 https://ubuntu.com/security/notices/USN-1759-1
Description:
 The default configuration for puppet masters 0.25.0 and later in Puppet
 before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet
 Enterprise before 1.2.7 and 2.7.x before 2.7.2, allows remote authenticated
 nodes to submit reports for other nodes via unspecified vectors.
Ubuntu-Description: 
Notes: 
 mdeslaur> Upstream no longer supports 0.25.x as found in lucid. The code
 mdeslaur> is substantially different, rendering a backport of this
 mdeslaur> security update difficult. Since puppet in Lucid is almost
 mdeslaur> end-of-life, we aren't planning on backporting the security fix
 mdeslaur> to it. For Lucid users, we recommend using puppet
 mdeslaur> 2.7.1-1ubuntu3.8~ubuntu10.04.1 currently in lucid-backports.
Bugs: 
Priority: medium
Discovered-by:
Assigned-to: 
CVSS: 

Patches_puppet:
upstream_puppet: released (3.1.1, 3.7.21, 2.6.18)
hardy_puppet: ignored (reached end-of-life)
lucid_puppet: ignored
oneiric_puppet: released (2.7.1-1ubuntu3.8)
precise_puppet: released (2.7.11-1ubuntu2.2)
quantal_puppet: released (2.7.18-1ubuntu1.1)
devel_puppet: released (2.7.18-1ubuntu2)