thr3ads.net - Puppet users - [Puppet Users] Announce: Puppet 2.7.23 Available [ Security Release ] [Aug 2013]

If this information is useful, please help other people find it:
Share via:

Matthaus Owens

2013-Aug-15 16:10 UTC

[Puppet Users] Announce: Puppet 2.7.23 Available [ Security Release ]

Puppet 2.7.23 is now available. 2.7.23 addresses two security
vulnerabilties discovered in the 2.7.x series of Puppet. These
vulnerabilities have been assigned Mitre CVE numbers CVE-2013-4956 and
CVE-2013-4761.

All users of Puppet 2.7.22 and earlier who cannot upgrade to the
current version of Puppet, 3.2.4, are strongly encouraged to upgrade
to 2.7.23.

For more information on these vulnerabilities, please visit
http://puppetlabs.com/security/cve/cve-2013-4761 and
http://puppetlabs.com/security/cve/cve-2013-4956 .

Downloads are available at:
 * Source
https://downloads.puppetlabs.com/puppet/puppet-2.7.23.tar.gz<https://downloads.puppetlabs.com/puppet/puppet-2.7.22.tar.gz>

Windows package is available at
https://downloads.puppetlabs.com/windows/puppet-2.7.23.msi<https://downloads.puppetlabs.com/windows/puppet-2.7.22.msi>

RPMs are available at https://yum.puppetlabs.com/el or /fedora

Debs are available at https://apt.puppetlabs.com

Mac package is available at
https://downloads.puppetlabs.com/mac/puppet-2.7.23.dmg<https://downloads.puppetlabs.com/mac/puppet-2.7.22.dmg>

Gems are available via rubygems at
https://rubygems.org/downloads/puppet-2.7.23.gem<https://rubygems.org/downloads/puppet-2.7.22.gem>
or
by using `gem
install puppet --version=2.7.23`

Please report feedback via the Puppet Labs Redmine site, using an
affected puppet version of 2.7.23:
http://projects.puppetlabs.com/projects/puppet/

## Changelog ##

Andrew Parker (9):
      e9b54a0 (Maint) Use dirname instead of regexes
      b0924a3 (Maint) Clean up specs
      88da2ab (#21971) Check for possible directory traversal
      24b18de (#21971) Split import and autoloading code paths
      ee80db0 (#21971) Create system for safely dealing with path patterns
      c0d0339 (#21971) Fix how import_all loads files
      4e00895 (Maint) Confine module tool tests off of windows
      78be1de (Maint) Update expectations for older rspec
      c9f8717 (Maint) Update test to reflect chown using the gid too

Josh Partlow (3):
      18379b6 (#21971) Fixes PathPattern''s usage of Dir.glob for
Windows
      94cedf7 (#21971) Allow paths that contain .. as part of a name
      ddd8b59 (maint) Fix module_utils regex tests for module file perms

Matthaus Owens (3):
      1e5fc90 (packaging) Update CHANGELOG, PUPPETVERSION for 2.7.23
      b2a77e0 (packaging) Remove oneiric from ext/build_defaults.yaml
      2471c0f (maint) Remove rspec requires from the Rakefile

Pieter van de Bruggen (5):
      90d4180 (#14333) Ensure module permissions are sane.
      f02f186 Backporting acceptance tests.
      23bdf22 Fixing broken requires in the acceptance tests.
      b7a0d29 Ensure that PMT uses the correct group membership.
      27abe7e Improving testing around PMT module install permissions.

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscribe@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.

Phips

2013-Aug-15 20:49 UTC

head link

[Puppet Users] Re: Announce: Puppet 2.7.23 Available [ Security Release ]

OpenCSW packages available for test 
at http://buildfarm.opencsw.org/experimental.html#markp

Once somebody tells me they''re good I''ll push them to the main
catalog.

On Thursday, 15 August 2013 17:10:43 UTC+1, Matthaus Litteken
wrote:>
> Puppet 2.7.23 is now available. 2.7.23 addresses two security
> vulnerabilties discovered in the 2.7.x series of Puppet. These
> vulnerabilities have been assigned Mitre CVE numbers CVE-2013-4956 and 
> CVE-2013-4761.
>
> All users of Puppet 2.7.22 and earlier who cannot upgrade to the
> current version of Puppet, 3.2.4, are strongly encouraged to upgrade
> to 2.7.23.
>
> For more information on these vulnerabilities, please visit
> http://puppetlabs.com/security/cve/cve-2013-4761 and
> http://puppetlabs.com/security/cve/cve-2013-4956 .
>
> Downloads are available at:
>  * Source
https://downloads.puppetlabs.com/puppet/puppet-2.7.23.tar.gz<https://downloads.puppetlabs.com/puppet/puppet-2.7.22.tar.gz>
>
> Windows package is available at
>
https://downloads.puppetlabs.com/windows/puppet-2.7.23.msi<https://downloads.puppetlabs.com/windows/puppet-2.7.22.msi>
>
> RPMs are available at https://yum.puppetlabs.com/el or /fedora
>
> Debs are available at https://apt.puppetlabs.com
>
> Mac package is available at
>
https://downloads.puppetlabs.com/mac/puppet-2.7.23.dmg<https://downloads.puppetlabs.com/mac/puppet-2.7.22.dmg>
>
> Gems are available via rubygems at
>
https://rubygems.org/downloads/puppet-2.7.23.gem<https://rubygems.org/downloads/puppet-2.7.22.gem>
or
> by using `gem
> install puppet --version=2.7.23`
>
> Please report feedback via the Puppet Labs Redmine site, using an
> affected puppet version of 2.7.23:
> http://projects.puppetlabs.com/projects/puppet/
>
> ## Changelog ##
>
> Andrew Parker (9):
>       e9b54a0 (Maint) Use dirname instead of regexes
>       b0924a3 (Maint) Clean up specs
>       88da2ab (#21971) Check for possible directory traversal
>       24b18de (#21971) Split import and autoloading code paths
>       ee80db0 (#21971) Create system for safely dealing with path patterns
>       c0d0339 (#21971) Fix how import_all loads files
>       4e00895 (Maint) Confine module tool tests off of windows
>       78be1de (Maint) Update expectations for older rspec
>       c9f8717 (Maint) Update test to reflect chown using the gid too
>
> Josh Partlow (3):
>       18379b6 (#21971) Fixes PathPattern''s usage of Dir.glob for
Windows
>       94cedf7 (#21971) Allow paths that contain .. as part of a name
>       ddd8b59 (maint) Fix module_utils regex tests for module file perms
>
> Matthaus Owens (3):
>       1e5fc90 (packaging) Update CHANGELOG, PUPPETVERSION for 2.7.23
>       b2a77e0 (packaging) Remove oneiric from ext/build_defaults.yaml
>       2471c0f (maint) Remove rspec requires from the Rakefile
>
> Pieter van de Bruggen (5):
>       90d4180 (#14333) Ensure module permissions are sane.
>       f02f186 Backporting acceptance tests.
>       23bdf22 Fixing broken requires in the acceptance tests.
>       b7a0d29 Ensure that PMT uses the correct group membership.
>       27abe7e Improving testing around PMT module install permissions.
>  
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscribe@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.

Puppet users - Aug 2013 - Announce: Puppet 2.7.23 Available [ Security Release ]

[Puppet Users] Announce: Puppet 2.7.23 Available [ Security Release ]

[Puppet Users] Re: Announce: Puppet 2.7.23 Available [ Security Release ]