Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2015-1426 cve-2015-1426

Source

Debian Bug report logs - #778265
facter: CVE-2015-1426

Package: facter; Maintainer for facter is Puppet Package Maintainers <pkg-puppet-devel@lists.alioth.debian.org>; Source for facter is src:facter (PTS, buildd, popcon).

Reported by: Moritz Muehlenhoff <jmm@debian.org>

Date: Thu, 12 Feb 2015 22:30:01 UTC

Severity: important

Tags: confirmed, fixed-upstream, patch, security, upstream

Merged with 877390

Found in version facter/2.2.0-1

Fixed in version facter/2.4.4-1

Done: Moritz Muehlenhoff <jmm@inutil.org>

Bug is archived. No further changes may be made.

Forwarded to https://tickets.puppetlabs.com/browse/FACT-800

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Puppet Package Maintainers <pkg-puppet-devel@lists.alioth.debian.org>:
Bug#778265; Package facter. (Thu, 12 Feb 2015 22:30:06 GMT) (full text, mbox, link).

Acknowledgement sent to Moritz Muehlenhoff <jmm@debian.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Puppet Package Maintainers <pkg-puppet-devel@lists.alioth.debian.org>. (Thu, 12 Feb 2015 22:30:06 GMT) (full text, mbox, link).

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

Package: facter
Severity: important
Tags: security

Please see http://puppetlabs.com/security/cve/cve-2015-1426

Fix:
https://github.com/puppetlabs/facter/commit/e546bc546e7fb23ad6b68fcf2059452df4d320dd

Cheers,
        Moritz

Changed Bug title to 'facter: CVE-2015-1426' from 'CVE-2015-1426' Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Fri, 13 Feb 2015 18:57:10 GMT) (full text, mbox, link).

Added tag(s) upstream and fixed-upstream. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Fri, 13 Feb 2015 18:57:10 GMT) (full text, mbox, link).

Information forwarded to debian-bugs-dist@lists.debian.org, Puppet Package Maintainers <pkg-puppet-devel@lists.alioth.debian.org>:
Bug#778265; Package facter. (Tue, 24 Feb 2015 15:51:04 GMT) (full text, mbox, link).

Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>:
Extra info received and forwarded to list. Copy sent to Puppet Package Maintainers <pkg-puppet-devel@lists.alioth.debian.org>. (Tue, 24 Feb 2015 15:51:04 GMT) (full text, mbox, link).

Message #14 received at 778265@bugs.debian.org (full text, mbox, reply):

[Message part 1 (text/plain, inline)]

Moritz Muehlenhoff wrote:
> Package: facter
> Severity: important
> Tags: security
> 
> Please see http://puppetlabs.com/security/cve/cve-2015-1426

Patch attached.

Cheers,
        Moritz

[facter-sec.patch (text/x-diff, attachment)]

Information forwarded to debian-bugs-dist@lists.debian.org, Puppet Package Maintainers <pkg-puppet-devel@lists.alioth.debian.org>:
Bug#778265; Package facter. (Wed, 25 Feb 2015 19:00:16 GMT) (full text, mbox, link).

Acknowledgement sent to Stig Sandbeck Mathisen <ssm@debian.org>:
Extra info received and forwarded to list. Copy sent to Puppet Package Maintainers <pkg-puppet-devel@lists.alioth.debian.org>. (Wed, 25 Feb 2015 19:00:16 GMT) (full text, mbox, link).

Message #19 received at 778265@bugs.debian.org (full text, mbox, reply):

Control: tags -1 + patch confirmed

Moritz Muehlenhoff <jmm@inutil.org> writes:

> Moritz Muehlenhoff wrote:
>> Package: facter
>> Severity: important
>> Tags: security
>> 
>> Please see http://puppetlabs.com/security/cve/cve-2015-1426
>
> Patch attached.

Lovely, thanks. :)

-- 
Stig Sandbeck Mathisen

Added tag(s) confirmed and patch. Request was from Stig Sandbeck Mathisen <ssm@debian.org> to 778265-submit@bugs.debian.org. (Wed, 25 Feb 2015 19:00:16 GMT) (full text, mbox, link).

Information forwarded to debian-bugs-dist@lists.debian.org, Puppet Package Maintainers <pkg-puppet-devel@lists.alioth.debian.org>:
Bug#778265; Package facter. (Thu, 09 Apr 2015 19:33:04 GMT) (full text, mbox, link).

Acknowledgement sent to Moritz Mühlenhoff <jmm@inutil.org>:
Extra info received and forwarded to list. Copy sent to Puppet Package Maintainers <pkg-puppet-devel@lists.alioth.debian.org>. (Thu, 09 Apr 2015 19:33:04 GMT) (full text, mbox, link).

Message #26 received at 778265@bugs.debian.org (full text, mbox, reply):

On Wed, Feb 25, 2015 at 07:57:31PM +0100, Stig Sandbeck Mathisen wrote:
> 
> Control: tags -1 + patch confirmed
> 
> Moritz Muehlenhoff <jmm@inutil.org> writes:
> 
> > Moritz Muehlenhoff wrote:
> >> Package: facter
> >> Severity: important
> >> Tags: security
> >> 
> >> Please see http://puppetlabs.com/security/cve/cve-2015-1426
> >
> > Patch attached.
> 
> Lovely, thanks. :)

The freeze is getting really close, could you please upload a fixed
package so that it can still be unblocked in time?

Cheers,
        Moritz

Reply sent to Moritz Muehlenhoff <jmm@inutil.org>:
You have taken responsibility. (Mon, 18 Apr 2016 10:03:16 GMT) (full text, mbox, link).

Notification sent to Moritz Muehlenhoff <jmm@debian.org>:
Bug acknowledged by developer. (Mon, 18 Apr 2016 10:03:16 GMT) (full text, mbox, link).

Message #31 received at 778265-done@bugs.debian.org (full text, mbox, reply):

Version: 2.4.4-1

On Wed, Feb 25, 2015 at 07:57:31PM +0100, Stig Sandbeck Mathisen wrote:
> 
> Control: tags -1 + patch confirmed
> 
> Moritz Muehlenhoff <jmm@inutil.org> writes:
> 
> > Moritz Muehlenhoff wrote:
> >> Package: facter
> >> Severity: important
> >> Tags: security
> >> 
> >> Please see http://puppetlabs.com/security/cve/cve-2015-1426
> >
> > Patch attached.
> 
> Lovely, thanks. :)

Fixed a while ago in unstable.

Cheers,
        Moritz

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Tue, 17 May 2016 07:36:11 GMT) (full text, mbox, link).

Bug unarchived. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Sun, 01 Oct 2017 11:30:03 GMT) (full text, mbox, link).

Marked as found in versions facter/2.2.0-1. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Sun, 01 Oct 2017 11:30:03 GMT) (full text, mbox, link).

Set Bug forwarded-to-address to 'https://tickets.puppetlabs.com/browse/FACT-800'. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Sun, 01 Oct 2017 11:30:04 GMT) (full text, mbox, link).

Marked as fixed in versions facter/2.4.4-1; no longer marked as fixed in versions 2.4.4-1. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Sun, 01 Oct 2017 11:30:05 GMT) (full text, mbox, link).

Merged 778265 877390 Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Sun, 01 Oct 2017 11:30:09 GMT) (full text, mbox, link).

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 30 Oct 2017 07:28:57 GMT) (full text, mbox, link).

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 17:55:19 2019; Machine Name: buxtehude

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

facter: CVE-2015-1426

Debian Bug report logs - #778265
facter: CVE-2015-1426

Vulmon Search

About

Products

Connect

facter: CVE-2015-1426

Debian Bug report logs - #778265 facter: CVE-2015-1426

Vulmon Search

About

Products

Connect

Debian Bug report logs - #778265
facter: CVE-2015-1426