Date:      Sun, 18 Aug 2013 17:10:59 +0000 (UTC)
From:      Brad Davis <brd@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org
Subject:   svn commit: r324930 - in branches/RELENG_9_2_0: security/vuxml sysutils/puppet sysutils/puppet27
Message-ID:  <201308181710.r7IHAxRT006460@svn.freebsd.org>

Author: brd (doc committer)
Date: Sun Aug 18 17:10:59 2013
New Revision: 324930
URL: http://svnweb.freebsd.org/changeset/ports/324930

Log:
  MFH r324808 and r324813:
  
  Update sysutils/puppet to 3.2.4 and sysutils/puppet27 to 2.7.23.
  
  Approved by:	portmgr (erwin@) and maintainer (swills@)
  Security:	2b2f6092-0694-11e3-9e8e-000c29f6ae42

Modified:
  branches/RELENG_9_2_0/security/vuxml/vuln.xml
  branches/RELENG_9_2_0/sysutils/puppet/Makefile
  branches/RELENG_9_2_0/sysutils/puppet/distinfo
  branches/RELENG_9_2_0/sysutils/puppet27/Makefile
  branches/RELENG_9_2_0/sysutils/puppet27/distinfo
Directory Properties:
  branches/RELENG_9_2_0/   (props changed)

Modified: branches/RELENG_9_2_0/security/vuxml/vuln.xml
==============================================================================
--- branches/RELENG_9_2_0/security/vuxml/vuln.xml	Sun Aug 18 16:13:02 2013	(r324929)
+++ branches/RELENG_9_2_0/security/vuxml/vuln.xml	Sun Aug 18 17:10:59 2013	(r324930)
@@ -51,6 +51,43 @@ Note:  Please add new entries to the beg
 
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">;
+  <vuln vid="2b2f6092-0694-11e3-9e8e-000c29f6ae42">
+    <topic>puppet -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>puppet</name>
+	<range><ge>2.7</ge><lt>2.7.23</lt></range>
+	<range><ge>3.0</ge><lt>3.2.4</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">;
+	<p>Puppet Labs reports:</p>
+	<blockquote cite="http://puppetlabs.com/security/cve/cve-2013-4761/">;
+	  <p>By using the `resource_type` service, an attacker could
+	    cause puppet to load arbitrary Ruby files from the puppet
+	    master node's file system. While this behavior is not
+	    enabled by default, `auth.conf` settings could be modified
+	    to allow it. The exploit requires local file system access
+	    to the Puppet Master.</p>
+	  <p>Puppet Module Tool (PMT) did not correctly control
+	    permissions of modules it installed, instead transferring
+	    permissions that existed when the module was built.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2013-4761</cvename>
+      <cvename>CVE-2013-4956</cvename>
+      <url>http://puppetlabs.com/security/cve/cve-2013-4761/</url>;
+      <url>http://puppetlabs.com/security/cve/cve-2013-4956/</url>;
+    </references>
+    <dates>
+      <discovery>2013-07-05</discovery>
+      <entry>2013-08-16</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="72bf9e21-03df-11e3-bd8d-080027ef73ec">
     <topic>polarssl -- denial of service through unterminated loop in certificate parser</topic>
     <affects>
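Review bot: The single `<blockquote>` carries `cite="http://puppetlabs.com/security/cve/cve-2013-4761/"`, but its second paragraph (Puppet Module Tool permissions) appears to quote the CVE-2013-4956 advisory that is listed separately under `<references>`. Splitting it into two blockquotes, the second with `cite="http://puppetlabs.com/security/cve/cve-2013-4956/"`, would keep each quoted statement traceable to its source. The `<affects>` block matches only the package name `puppet`; that covers sysutils/puppet27 only if that port sets no package-name suffix outside the visible Makefile hunk, which is worth confirming so 2.7.x installs are actually flagged. Since the second issue concerns permissions carried over at module install time, modules installed before the upgrade presumably keep those permissions, so a short remark advising a permission check on installed modules would help readers of the entry.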

Modified: branches/RELENG_9_2_0/sysutils/puppet/Makefile
==============================================================================
--- branches/RELENG_9_2_0/sysutils/puppet/Makefile	Sun Aug 18 16:13:02 2013	(r324929)
+++ branches/RELENG_9_2_0/sysutils/puppet/Makefile	Sun Aug 18 17:10:59 2013	(r324930)
@@ -2,7 +2,7 @@
 # $FreeBSD$
 
 PORTNAME=	puppet
-PORTVERSION=	3.2.3
+PORTVERSION=	3.2.4
 CATEGORIES=	sysutils
 MASTER_SITES=	http://downloads.puppetlabs.com/puppet/
 

Modified: branches/RELENG_9_2_0/sysutils/puppet/distinfo
==============================================================================
--- branches/RELENG_9_2_0/sysutils/puppet/distinfo	Sun Aug 18 16:13:02 2013	(r324929)
+++ branches/RELENG_9_2_0/sysutils/puppet/distinfo	Sun Aug 18 17:10:59 2013	(r324930)
@@ -1,2 +1,2 @@
-SHA256 (puppet-3.2.3.tar.gz) = 6a19927d6126b9f6f40e94997c0896a618da8983178ca0e30264122b70edf819
-SIZE (puppet-3.2.3.tar.gz) = 1782059
+SHA256 (puppet-3.2.4.tar.gz) = 8b38f4adee6237b8dd7b1956d90af97f2d0091245d6e30b708bbc8e333001358
+SIZE (puppet-3.2.4.tar.gz) = 1786216

Modified: branches/RELENG_9_2_0/sysutils/puppet27/Makefile
==============================================================================
--- branches/RELENG_9_2_0/sysutils/puppet27/Makefile	Sun Aug 18 16:13:02 2013	(r324929)
+++ branches/RELENG_9_2_0/sysutils/puppet27/Makefile	Sun Aug 18 17:10:59 2013	(r324930)
@@ -2,7 +2,7 @@
 # $FreeBSD$
 
 PORTNAME=	puppet
-PORTVERSION=	2.7.22
+PORTVERSION=	2.7.23
 CATEGORIES=	sysutils
 MASTER_SITES=	http://downloads.puppetlabs.com/puppet/
 

Modified: branches/RELENG_9_2_0/sysutils/puppet27/distinfo
==============================================================================
--- branches/RELENG_9_2_0/sysutils/puppet27/distinfo	Sun Aug 18 16:13:02 2013	(r324929)
+++ branches/RELENG_9_2_0/sysutils/puppet27/distinfo	Sun Aug 18 17:10:59 2013	(r324930)
@@ -1,2 +1,2 @@
-SHA256 (puppet-2.7.22.tar.gz) = bfd79c0aecdeea4e1a8573e9325fbcb48778603d908180e88897458f01fe06de
-SIZE (puppet-2.7.22.tar.gz) = 2023230
+SHA256 (puppet-2.7.23.tar.gz) = 73bc0d5a2334dc484148141a32274703b65b78bf87ca41f7e2da1c38518ba490
+SIZE (puppet-2.7.23.tar.gz) = 2025639


