Puppet users - Aug 2013 - Announce: Puppet 3.2.4 Available [ Security Release ]

Puppet 3.2.4 is now available. 3.2.4 addresses two security
vulnerabilties discovered in the 3.x series of Puppet. These
vulnerabilities have been assigned Mitre CVE numbers CVE-2013-4956 and
CVE-2013-4761.

All users of Puppet 3.2.3 and earlier are strongly encouraged to upgrade
to 3.2.4.

For more information on these vulnerabilities, please visit
http://puppetlabs.com/security/cve/cve-2013-4761 and
http://puppetlabs.com/security/cve/cve-2013-4956 .

Downloads are available at:
 * Source
https://downloads.puppetlabs.com/puppet/puppet-3.2.4.tar.gz<https://downloads.puppetlabs.com/puppet/puppet-2.7.22.tar.gz>

Windows package is available at
https://downloads.puppetlabs.com/windows/puppet-3.2.4.msi<https://downloads.puppetlabs.com/windows/puppet-2.7.22.msi>

RPMs are available at https://yum.puppetlabs.com/el or /fedora

Debs are available at https://apt.puppetlabs.com

Mac package is available at
https://downloads.puppetlabs.com/mac/puppet-3.2.4.dmg<https://downloads.puppetlabs.com/mac/puppet-2.7.22.dmg>

Gems are available via rubygems at
https://rubygems.org/downloads/puppet-3.2.4.gem<https://rubygems.org/downloads/puppet-2.7.22.gem>
or
by using `gem
install puppet --version=3.2.4`

Please report feedback via the Puppet Labs Redmine site, using an
affected puppet version of 3.2.4:
http://projects.puppetlabs.com/projects/puppet/

## Changelog ##

Andrew Parker (6):
      98e3a38 (Maint) Use dirname instead of regexes
      4b8d0a1 (Maint) Clean up specs
      e7e1be1 (#21971) Check for possible directory traversal
      6547651 (#21971) Split import and autoloading code paths
      d689513 (#21971) Create system for safely dealing with path patterns
      214d42e (Maint) Reinstate check for manifest dir

John Duarte (1):
      c9473a6 (#21953) Add test to verify module permissions

Josh Partlow (5):
      3932e78 (#21971) Fix TypeLoader#import_all on Ruby 1.8.7
      a0f8a32 (#21971) Fixes PathPattern''s usage of Dir.glob for
Windows
      987c4d5 (#21971) Allow paths that contain .. as part of a name
      c0234fe (maint) Fix windows test for embedded ''..'' in
path
      adff11c (maint) Fix module_utils regex tests for module file perms

Matthaus Owens (4):
      05d20ff (maint) Remove rspec requires from the Rakefile
      a754bc8 (packaging) Move systemd BuildRequires into conditional
      019e443 (maint) Correct type in speeeeling of pl-fedora-18-i386 mock
in ext/build_defaults.yaml
      f55814d (packaging) Update PUPPETVERSION for 3.2.4

Melissa Stone (1):
      ecb0f92 (Bug #21768) Update puppet for F19

Pieter van de Bruggen (4):
      fe7b9f0 (#14333) Ensure module permissions are sane.
      01c69eb Fixing a missed test for minitar.
      f8a9eec Ensure that PMT uses the correct group membership.
      afc9859 Improving testing around PMT module install permissions.

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscribe@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.

OpenCSW packages available for test 
at http://buildfarm.opencsw.org/experimental.html#markp

Once somebody tells me they''re good I''ll push them to the main
catalog.

On Thursday, 15 August 2013 17:10:50 UTC+1, Matthaus Litteken
wrote:
>
> Puppet 3.2.4 is now available. 3.2.4 addresses two security
> vulnerabilties discovered in the 3.x series of Puppet. These
> vulnerabilities have been assigned Mitre CVE numbers CVE-2013-4956 and 
> CVE-2013-4761.
>
> All users of Puppet 3.2.3 and earlier are strongly encouraged to upgrade
> to 3.2.4.
>
> For more information on these vulnerabilities, please visit
> http://puppetlabs.com/security/cve/cve-2013-4761 and
> http://puppetlabs.com/security/cve/cve-2013-4956 .
>
> Downloads are available at:
>  * Source
https://downloads.puppetlabs.com/puppet/puppet-3.2.4.tar.gz<https://downloads.puppetlabs.com/puppet/puppet-2.7.22.tar.gz>
>
> Windows package is available at
>
https://downloads.puppetlabs.com/windows/puppet-3.2.4.msi<https://downloads.puppetlabs.com/windows/puppet-2.7.22.msi>
>
> RPMs are available at https://yum.puppetlabs.com/el or /fedora
>
> Debs are available at https://apt.puppetlabs.com
>
> Mac package is available at
>
https://downloads.puppetlabs.com/mac/puppet-3.2.4.dmg<https://downloads.puppetlabs.com/mac/puppet-2.7.22.dmg>
>
> Gems are available via rubygems at
>
https://rubygems.org/downloads/puppet-3.2.4.gem<https://rubygems.org/downloads/puppet-2.7.22.gem>
or
> by using `gem
> install puppet --version=3.2.4`
>
> Please report feedback via the Puppet Labs Redmine site, using an
> affected puppet version of 3.2.4:
> http://projects.puppetlabs.com/projects/puppet/
>
> ## Changelog ##
>
> Andrew Parker (6):
>       98e3a38 (Maint) Use dirname instead of regexes
>       4b8d0a1 (Maint) Clean up specs
>       e7e1be1 (#21971) Check for possible directory traversal
>       6547651 (#21971) Split import and autoloading code paths
>       d689513 (#21971) Create system for safely dealing with path patterns
>       214d42e (Maint) Reinstate check for manifest dir
>
> John Duarte (1):
>       c9473a6 (#21953) Add test to verify module permissions
>
> Josh Partlow (5):
>       3932e78 (#21971) Fix TypeLoader#import_all on Ruby 1.8.7
>       a0f8a32 (#21971) Fixes PathPattern''s usage of Dir.glob for
Windows
>       987c4d5 (#21971) Allow paths that contain .. as part of a name
>       c0234fe (maint) Fix windows test for embedded ''..''
in path
>       adff11c (maint) Fix module_utils regex tests for module file perms
>
> Matthaus Owens (4):
>       05d20ff (maint) Remove rspec requires from the Rakefile
>       a754bc8 (packaging) Move systemd BuildRequires into conditional
>       019e443 (maint) Correct type in speeeeling of pl-fedora-18-i386 mock 
> in ext/build_defaults.yaml
>       f55814d (packaging) Update PUPPETVERSION for 3.2.4
>
> Melissa Stone (1):
>       ecb0f92 (Bug #21768) Update puppet for F19
>
> Pieter van de Bruggen (4):
>       fe7b9f0 (#14333) Ensure module permissions are sane.
>       01c69eb Fixing a missed test for minitar.
>       f8a9eec Ensure that PMT uses the correct group membership.
>       afc9859 Improving testing around PMT module install permissions.
>
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscribe@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.