581372 – (CVE-2016-2785) <app-admin/puppetserver-2.3.2, <app-admin/puppet-agent-1.4.2: Incorrect URL Decoding (CVE-2016-2785)

Bug 581372 (CVE-2016-2785) - <app-admin/puppetserver-2.3.2, <app-admin/puppet-agent-1.4.2: Incorrect URL Decoding (CVE-2016-2785)

Summary: <app-admin/puppetserver-2.3.2, <app-admin/puppet-agent-1.4.2: Incorrect URL D...

Status:	RESOLVED FIXED

Alias:	CVE-2016-2785

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Gentoo Security

URL:
Whiteboard:	B3 [glsa cve]
Keywords:

Depends on:
Blocks:

Reported:	2016-04-27 14:47 UTC by Agostino Sarubbo
Modified:	2016-06-05 18:41 UTC (History)
CC List:	2 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Agostino Sarubbo gentoo-dev

2016-04-27 14:47:15 UTC

https://puppet.com/security/cve/cve-2016-2785

Comment 1 Matthew Thode ( prometheanfire ) archtester

2016-04-27 21:53:08 UTC

Resolved in:
    app-admin/puppetserver 2.3.2
    app-admin/puppet-agent 1.4.2
    app-admin/puppet 4.4.2

I don't think puppet-3.x was effected

We'll need stablereqs for the following.

=app-admin/puppet-agent-1.4.2
=app-admin/puppetserver-2.3.2

Comment 2 Agostino Sarubbo gentoo-dev

2016-04-28 08:57:27 UTC

amd64 stable

Comment 3 Agostino Sarubbo gentoo-dev

2016-04-28 08:58:00 UTC

x86 stable.

Maintainer(s), please cleanup.

Comment 4 Matthew Thode ( prometheanfire ) archtester

2016-04-28 14:14:30 UTC

cleaned up, removing myself from cc

Comment 5 Yury German Gentoo Infrastructure

2016-05-31 06:13:24 UTC

Added to an existing GLSA Request.

Comment 6 Yury German Gentoo Infrastructure

2016-06-05 18:41:59 UTC

This issue was resolved and addressed in
 GLSA 201606-02 at https://security.gentoo.org/glsa/201606-02
by GLSA coordinator Yury German (BlueKnight)