Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 581372 (CVE-2016-2785)

Summary: <app-admin/puppetserver-2.3.2, <app-admin/puppet-agent-1.4.2: Incorrect URL Decoding (CVE-2016-2785)
Product: Gentoo Security Reporter: Agostino Sarubbo <ago>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: ruby, sysadmin
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: B3 [glsa cve]
Package list:
Runtime testing required: ---

Description Agostino Sarubbo gentoo-dev 2016-04-27 14:47:15 UTC 
https://puppet.com/security/cve/cve-2016-2785
Comment 1 Matthew Thode ( prometheanfire ) archtester Gentoo Infrastructure gentoo-dev Security 2016-04-27 21:53:08 UTC 
Resolved in:
    app-admin/puppetserver 2.3.2
    app-admin/puppet-agent 1.4.2
    app-admin/puppet 4.4.2

I don't think puppet-3.x was effected

We'll need stablereqs for the following.

=app-admin/puppet-agent-1.4.2
=app-admin/puppetserver-2.3.2
Comment 2 Agostino Sarubbo gentoo-dev 2016-04-28 08:57:27 UTC 
amd64 stable
Comment 3 Agostino Sarubbo gentoo-dev 2016-04-28 08:58:00 UTC 
x86 stable.

Maintainer(s), please cleanup.
Comment 4 Matthew Thode ( prometheanfire ) archtester Gentoo Infrastructure gentoo-dev Security 2016-04-28 14:14:30 UTC 
cleaned up, removing myself from cc
Comment 5 Yury German Gentoo Infrastructure gentoo-dev 2016-05-31 06:13:24 UTC 
Added to an existing GLSA Request.
Comment 6 Yury German Gentoo Infrastructure gentoo-dev 2016-06-05 18:41:59 UTC 
This issue was resolved and addressed in
 GLSA 201606-02 at https://security.gentoo.org/glsa/201606-02
by GLSA coordinator Yury German (BlueKnight)