| Summary: | puppet new security issues CVE-2018-11751 and CVE-2020-794[23] | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | All Packagers <pkg-bugs> |
| Status: | RESOLVED OLD | QA Contact: | Sec team <security> |
| Severity: | critical | ||
| Priority: | Normal | CC: | mageia, zombie_ryushu |
| Version: | 7 | ||
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | https://nvd.nist.gov/vuln/detail/CVE-2020-7942 | ||
| Whiteboard: | |||
| Source RPM: | puppet-6.0.3-3.mga8.src.rpm | CVE: | CVE-2020-7942 |
| Status comment: | Fixed upstream in 6.13.0 | ||
|
Description
David Walser
2020-04-23 20:53:48 CEST
David Walser
2020-04-23 21:32:19 CEST
Whiteboard:
(none) =>
MGA7TOO Puppet has no registered maintainer, nor any consistent committer. Hence assigning this globally. Assignee:
bugsquad =>
pkg-bugs RedHat has issued an advisory on October 27: https://access.redhat.com/errata/RHSA-2020:4366 It fixes this issue and two others in Puppet, CVE-2018-11751 (fixed upstream in 6.4.0) and CVE-2020-7943 (fixed upstream in 6.10.1). For the latter, RedHat thinks they identified the commit that fixed it: https://bugzilla.redhat.com/show_bug.cgi?id=1828486#c4 Severity:
normal =>
critical
Zombie Ryushu
2020-12-29 11:45:37 CET
CC:
(none) =>
zombie_ryushu we updated cauldron to puppet 7.1.0 CC:
(none) =>
mageia
David Walser
2020-12-30 11:44:19 CET
Status comment:
(none) =>
Fixed upstream in 6.13.0 https://blog.mageia.org/en/2021/06/08/mageia-7-will-reach-end-of-support-on-30th-of-june-the-king-is-dead-long-live-the-king/ Resolution:
(none) =>
OLD |