Description: "Puppet Server and PuppetDB provide useful performance and debugging information via their metrics API endpoints. For PuppetDB this may contain things like hostnames. Puppet Server reports resource names and titles for defined types (which may contain sensitive information) as well as function names and class names. Previously, these endpoints were open to the local network. PE 2018.1.13 & 2019.4.0, Puppet Server 6.9.1 & 5.3.12, and PuppetDB 6.9.1 & 5.2.13 disable trapperkeeper-metrics /v1 metrics API and only allows /v2 access on localhost by default."
@ maintainer(s): Please call for stabilization when ready!
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4d62e24468acfa7aa3b170c7a02e47bdbe6b4ebb commit 4d62e24468acfa7aa3b170c7a02e47bdbe6b4ebb Author: Matthew Thode <prometheanfire@gentoo.org> AuthorDate: 2020-03-12 01:19:30 +0000 Commit: Matthew Thode <prometheanfire@gentoo.org> CommitDate: 2020-03-12 01:19:46 +0000 app-admin/puppetdb: stablize 6.9.1 for amd64/x86 for CVE-2020-7943 Bug: https://bugs.gentoo.org/712198 Package-Manager: Portage-2.3.89, Repoman-2.3.20 Signed-off-by: Matthew Thode <prometheanfire@gentoo.org> app-admin/puppetdb/Manifest | 2 - app-admin/puppetdb/puppetdb-6.8.0.ebuild | 92 -------------------------------- app-admin/puppetdb/puppetdb-6.9.0.ebuild | 87 ------------------------------ app-admin/puppetdb/puppetdb-6.9.1.ebuild | 2 +- 4 files changed, 1 insertion(+), 182 deletions(-) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e248bbd4667c50465e9c1fa8517dc073369923b1 commit e248bbd4667c50465e9c1fa8517dc073369923b1 Author: Matthew Thode <prometheanfire@gentoo.org> AuthorDate: 2020-03-12 01:17:40 +0000 Commit: Matthew Thode <prometheanfire@gentoo.org> CommitDate: 2020-03-12 01:19:45 +0000 app-admin/puppetserver: stablize 6.9.1 and cleanup for CVE-2020-7943 Bug: https://bugs.gentoo.org/712198 Package-Manager: Portage-2.3.89, Repoman-2.3.20 Signed-off-by: Matthew Thode <prometheanfire@gentoo.org> app-admin/puppetserver/Manifest | 2 - app-admin/puppetserver/metadata.xml | 3 - app-admin/puppetserver/puppetserver-6.8.0.ebuild | 135 ----------------------- app-admin/puppetserver/puppetserver-6.9.0.ebuild | 131 ---------------------- app-admin/puppetserver/puppetserver-6.9.1.ebuild | 2 +- 5 files changed, 1 insertion(+), 272 deletions(-)
cleaned up and stablized
(In reply to Matthew Thode ( prometheanfire ) from comment #3) > cleaned up and stablized Excellent, thank you for being so quick. (Incorrect title was due to my tree not being up to date -- cron is setup now.)
GLSA Vote: No! Repository is clean, all done!
