Just updated and noticed that the version number at the top of the page in dashboard didn't bump, and it still lists 1.2.18 in /usr/share/puppet-dashboard/VERSION. This is on CentOS 6 from yum.
On Tuesday, January 15, 2013 4:59:45 PM UTC-8, Moses Mendoza wrote: > > Puppet Dashboard 1.2.19 is now available. > > This release of Puppet Dashboard addresses CVE-2013-0155. All users > are strongly encouraged to update when possible. > > This vulnerability exposes ActiveRecord to unsafe query generation. > > More information on the vulnerability can be found here: > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0155, and in > this post: > https://groups.google.com/group/rubyonrails-security/browse_thread/thread/73b8d3f8478df5e2 > > > Downloads > ======== > > RPM packages for are available at https://yum.puppetlabs.com/el or > /fedora > > Debian packages are available at https://apt.puppetlabs.com > > Source can be downloaded from > https://puppetlabs.com/downloads/dashboard/puppet-dashboard-1.2.19.tar.gz, > > along with the accompanying signature file, > > https://puppetlabs.com/downloads/dashboard/puppet-dashboard-1.2.19.tar.gz.asc. > > > > See the Verifying Puppet Download section at: > http://projects.puppetlabs.com/projects/puppet/wiki/Downloading_Puppet > > 1.2.19 Security Fixes > ================ > Ernie Miller (1): > 04c1dba Fix for CVE-2013-0155 > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/r7xJE--NIDIJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
