Control: severity -1 important Control: tags -1 wontfix Dear Martin,
On 15:12 Mon 29 May , Martin Duspiva wrote: > Dear Maintainer, > > fter install the last security update 3.7.2-4+deb8u1, the puppet > master doesn't work with puppet agents ( clients ) on Debian Squeezy > and Wheezy. The error on agent is: Thank you for the report. Unfortunately this is a known and well-documented issue. It's documented in both the package's debian/NEWS, and the Debian Security Announcement[1] on the debian-security-announce mailing list. [1] https://lists.debian.org/debian-security-announce/2017/msg00122.html It is (at least currently) impossible to retain compatibility and fix the vulnerability at the same time, as the 2.7 agent sends everything using YAML while the 3.7 master will reject YAML as unsafe. The recommended approach is to use the 3.7 packages from wheezy-backports on wheezy agents. I know this is not ideal, but 2.7 is unsupported upstream for quite a while now. Regards, Apollon
