Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 581372 (CVE-2016-2785) - <app-admin/puppetserver-2.3.2, <app-admin/puppet-agent-1.4.2: Incorrect URL Decoding (CVE-2016-2785)
Summary: <app-admin/puppetserver-2.3.2, <app-admin/puppet-agent-1.4.2: Incorrect URL D...
Status: RESOLVED FIXED
Alias: CVE-2016-2785
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL:
Whiteboard: B3 [glsa cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2016-04-27 14:47 UTC by Agostino Sarubbo
Modified: 2016-06-05 18:41 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2016-04-27 14:47:15 UTC
https://puppet.com/security/cve/cve-2016-2785
Comment 1 Matthew Thode ( prometheanfire ) archtester Gentoo Infrastructure gentoo-dev Security 2016-04-27 21:53:08 UTC
Resolved in:
    app-admin/puppetserver 2.3.2
    app-admin/puppet-agent 1.4.2
    app-admin/puppet 4.4.2

I don't think puppet-3.x was effected

We'll need stablereqs for the following.

=app-admin/puppet-agent-1.4.2
=app-admin/puppetserver-2.3.2
Comment 2 Agostino Sarubbo gentoo-dev 2016-04-28 08:57:27 UTC
amd64 stable
Comment 3 Agostino Sarubbo gentoo-dev 2016-04-28 08:58:00 UTC
x86 stable.

Maintainer(s), please cleanup.
Comment 4 Matthew Thode ( prometheanfire ) archtester Gentoo Infrastructure gentoo-dev Security 2016-04-28 14:14:30 UTC
cleaned up, removing myself from cc
Comment 5 Yury German Gentoo Infrastructure gentoo-dev Security 2016-05-31 06:13:24 UTC
Added to an existing GLSA Request.
Comment 6 Yury German Gentoo Infrastructure gentoo-dev Security 2016-06-05 18:41:59 UTC
This issue was resolved and addressed in
 GLSA 201606-02 at https://security.gentoo.org/glsa/201606-02
by GLSA coordinator Yury German (BlueKnight)