* Moritz Muehlenhoff <j...@debian.org> [170121 23:16]: > Source: mcollective > > Please see https://puppet.com/security/cve/cve-2016-2788
Looks like the fix is in this commit/merge: https://github.com/puppetlabs/marionette-collective/commit/4918a0f136aea04452b48a1ba29eb9aabcf5c97d I've checked the 2.6.x branch and it appears to have the vulnerable code too. -- christian hofstaedtler <z...@debian.org>
