summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSylvain Beucler <beuc@beuc.net>2021-12-06 18:47:00 +0100
committerSylvain Beucler <beuc@beuc.net>2021-12-06 18:47:00 +0100
commit3239b05986b64e508c02ffc7793f3f38cb8fe919 (patch)
tree34cbc04578789300cc2c6e4e0363d56cf36fd3ca
parentb8e325e5edb09a52d5e195df3f1b6af7082245c7 (diff)
dla: drop puppet
-rw-r--r--data/CVE/list3
-rw-r--r--data/dla-needed.txt3
2 files changed, 3 insertions, 3 deletions
diff --git a/data/CVE/list b/data/CVE/list
index 5fa5217d15..7d25f52731 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -46566,6 +46566,7 @@ CVE-2021-27025 (A flaw was discovered in Puppet Agent where the agent may silent
- puppet <unfixed>
[bullseye] - puppet <ignored> (Minor issue, too intrusive to backport)
[buster] - puppet <ignored> (Minor issue, too intrusive to backport)
+ [stretch] - puppet <ignored> (Minor issue, too intrusive to backport)
NOTE: https://puppet.com/security/cve/cve-2021-27025
NOTE: https://github.com/puppetlabs/puppet/commit/da8b73edca174309a9bef5f62cd276933fe733e8 (6.25.1)
NOTE: Limited impact, needs a malformed custom type provider
@@ -46575,12 +46576,14 @@ CVE-2021-27023 (A flaw was discovered in Puppet Agent and Puppet Server that may
- puppet <unfixed>
[bullseye] - puppet <ignored> (Minor issue)
[buster] - puppet <ignored> (Minor issue)
+ [stretch] - puppet <ignored> (Minor issue)
NOTE: https://puppet.com/security/cve/cve-2021-27023
NOTE: https://github.com/puppetlabs/puppet/commit/e90023a8b54a58073d71dae655d7636e2c9bcc61 (6.25.1)
NOTE: Marginal/unclear security implications, the redirects are fully under control of
NOTE: the puppet masters and the advisory states this CVE would be similar to CVE-2018-1000007,
NOTE: but CVE is for curl, which obviously has different scope being a library. Plus, all
NOTE: reasonably secure installations use client auth on the agents
+ NOTE: Previous client code in lib/puppet/network/http/connection.rb also vulnerable
CVE-2021-27022 (A flaw was discovered in bolt-server and ace where running a task with ...)
- puppet <not-affected> (Only affects Puppet Enterprise)
NOTE: https://puppet.com/security/cve/CVE-2021-27022/
diff --git a/data/dla-needed.txt b/data/dla-needed.txt
index c35d701e3c..6771dfe4bc 100644
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -67,9 +67,6 @@ nvidia-graphics-drivers (Markus Koschany)
pgbouncer (Thorsten Alteholz)
NOTE: 20211128: also help with other releases
--
-puppet (Sylvain Beucler)
- NOTE: please recheck whether really affected
---
rustc (Roberto C. Sánchez)
NOTE: rust-doc in stretch-lts (and jessie-lts) is not installable
NOTE: https://bugs.debian.org/928422

© 2014-2024 Faster IT GmbH | imprint | privacy policy