Hi Chris, On 20 August 2013 11:22, Chris Boot <c...@tiger-computing.co.uk> wrote: > The issue was causing reports from squeeze machines (running > 2.6.2-5+squeeze6/7/8) to be misparsed by the security-patched wheezy > version of Puppet, causing invalid reports to be stored to disk and sent > to Dashboard. Applying CVE-2013-3567.fixup-for-v3.patch on our Puppet > master causes valid reports to be stored on disk and sent to Dashboard > with no changes to the slave nodes.
Er, that's a weird combination of versions, but in any case with the patch you sent you are downgrading puppet 2.7's report format from version 2 (3 actually) to version 1. I personally don't think this has anything to do with the security update and I'd rather look into the consumer of the reports (puppet dashboard in this case). Temporarily downgrading to the version prior the DSA could allow you to confirm whether this is in fact a regression. -- Raphael Geissert - Debian Developer www.debian.org - get.debian.net -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
