From 3239b05986b64e508c02ffc7793f3f38cb8fe919 Mon Sep 17 00:00:00 2001
From: Sylvain Beucler <beuc@beuc.net>
Date: Mon, 6 Dec 2021 18:47:00 +0100
Subject: dla: drop puppet

---
 data/CVE/list       | 3 +++
 data/dla-needed.txt | 3 ---
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/data/CVE/list b/data/CVE/list
index 5fa5217d15..7d25f52731 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -46566,6 +46566,7 @@ CVE-2021-27025 (A flaw was discovered in Puppet Agent where the agent may silent
 	- puppet <unfixed>
 	[bullseye] - puppet <ignored> (Minor issue, too intrusive to backport)
 	[buster] - puppet <ignored> (Minor issue, too intrusive to backport)
+	[stretch] - puppet <ignored> (Minor issue, too intrusive to backport)
 	NOTE: https://puppet.com/security/cve/cve-2021-27025
 	NOTE: https://github.com/puppetlabs/puppet/commit/da8b73edca174309a9bef5f62cd276933fe733e8 (6.25.1)
 	NOTE: Limited impact, needs a malformed custom type provider
@@ -46575,12 +46576,14 @@ CVE-2021-27023 (A flaw was discovered in Puppet Agent and Puppet Server that may
 	- puppet <unfixed>
 	[bullseye] - puppet <ignored> (Minor issue)
 	[buster] - puppet <ignored> (Minor issue)
+	[stretch] - puppet <ignored> (Minor issue)
 	NOTE: https://puppet.com/security/cve/cve-2021-27023
 	NOTE: https://github.com/puppetlabs/puppet/commit/e90023a8b54a58073d71dae655d7636e2c9bcc61 (6.25.1)
 	NOTE: Marginal/unclear security implications, the redirects are fully under control of
 	NOTE: the puppet masters and the advisory states this CVE would be similar to CVE-2018-1000007,
 	NOTE: but CVE is for curl, which obviously has different scope being a library. Plus, all
 	NOTE: reasonably secure installations use client auth on the agents
+	NOTE: Previous client code in lib/puppet/network/http/connection.rb also vulnerable
 CVE-2021-27022 (A flaw was discovered in bolt-server and ace where running a task with ...)
 	- puppet <not-affected> (Only affects Puppet Enterprise)
 	NOTE: https://puppet.com/security/cve/CVE-2021-27022/
diff --git a/data/dla-needed.txt b/data/dla-needed.txt
index c35d701e3c..6771dfe4bc 100644
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -67,9 +67,6 @@ nvidia-graphics-drivers (Markus Koschany)
 pgbouncer (Thorsten Alteholz)
   NOTE: 20211128: also help with other releases
 --
-puppet (Sylvain Beucler)
-  NOTE: please recheck whether really affected
---
 rustc (Roberto C. Sánchez)
   NOTE: rust-doc in stretch-lts (and jessie-lts) is not installable
   NOTE: https://bugs.debian.org/928422
-- 
cgit v1.2.3