CVE-2013-1652

Priority
Description
Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and
Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2 allows remote
authenticated users with a valid certificate and private key to read
arbitrary catalogs or poison the master's cache via unspecified vectors.
Assigned-to
mdeslaur
Notes
mdeslaurUpstream no longer supports 0.25.x as found in lucid. The code
is substantially different, rendering a backport of this
security update difficult. Since puppet in Lucid is almost
end-of-life, we aren't planning on backporting the security fix
to it. For Lucid users, we recommend using puppet
2.7.1-1ubuntu3.8~ubuntu10.04.1 currently in lucid-backports.
Package
Upstream:released (2.6.18, 2.7.21, 3.1.1)
More Information

Updated: 2019-12-05 21:03:10 UTC (commit 0aa5e7c87c8b55d2ec5c7f4ca1179cf75de91961)