On Sat, Feb 21, 2015 at 08:58:13PM +0100, Stig Sandbeck Mathisen wrote:
> Moritz Muehlenhoff <[email protected]> writes:
>
> > On Sat, Jan 17, 2015 at 12:09:51AM +0100, Moritz Muehlenhoff wrote:
> >> Package: puppet-module-puppetlabs-stdlib
> >> Severity: important
> >> Tags: security
> >>
> >> Hi,
> >> please see http://puppetlabs.com/security/cve/cve-2015-1029
> >
> > It's been a month, what's the status?
>
> I replied with
> http://lists.alioth.debian.org/pipermail/pkg-puppet-devel/2015-January/009318.html,
> but it seems I managed to send it as a followup to the pkg-puppet-devel
> mailing list, and not to the BTS.
>
> Sorry about that.
>
> I think there is an error in the CVE. After reading the code, I think it
> should be "facter versions older than 1.7", and not "facter version 1.7
> and newer".
Confirmed. I've updated the Debian Security Tracker.
Cheers,
Moritz
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
