The default configuration for puppet masters 0.25.0 and later in Puppet
before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet
Enterprise before 1.2.7 and 2.7.x before 2.7.2, allows remote authenticated
nodes to submit reports for other nodes via unspecified vectors.
mdeslaurUpstream no longer supports 0.25.x as found in lucid. The code
is substantially different, rendering a backport of this
security update difficult. Since puppet in Lucid is almost
end-of-life, we aren't planning on backporting the security fix
to it. For Lucid users, we recommend using puppet
2.7.1-1ubuntu3.8~ubuntu10.04.1 currently in lucid-backports.
Upstream:released (3.1.1, 3.7.21, 2.6.18)
More Information

Updated: 2019-12-05 21:04:18 UTC (commit 0aa5e7c87c8b55d2ec5c7f4ca1179cf75de91961)