Jira (PUP-11596) CVE-2022-28738: Puppet-agent 5.5.x and 6.x releases

7 views
Skip to first unread message

Sanjay Tripathi (Jira)

unread,
Jul 25, 2022, 1:17:01 PM7/25/22
to puppe...@googlegroups.com
Sanjay Tripathi created an issue
 
Puppet / Bug PUP-11596
CVE-2022-28738: Puppet-agent 5.5.x and 6.x releases
Issue Type: Bug Bug
Affects Versions: PUP 6.25.1, PUP 6.16.0, PUP 5.5.14
Assignee: Unassigned
Created: 2022/07/25 10:16 AM
Priority: Blocker Blocker
Reporter: Sanjay Tripathi

Puppet Version: 5.5.14, 6.16.0, 6.25.1
Puppet Server Version: N/A
OS Name/Version: ALL

Ruby has released fixes for CVE-2022-28738. 

When does Puppet plan to address Ruby CVE-2022-28738 for older version of Puppet-Agent?
We use 5.5.14, 6.16.0 and 6.25.1 Open-Source Puppet-agents and would like to know Puppet's plans to address CVE-2022-28738 in these older Puppet-agent versions.

Thanks.
Add Comment Add Comment
 
This message was sent by Atlassian Jira (v8.20.11#820011-sha1:0629dd8)
Atlassian logo

Josh Cooper (Jira)

unread,
Jul 26, 2022, 3:46:02 PM7/26/22
to puppe...@googlegroups.com
Josh Cooper commented on Bug PUP-11596
 
Re: CVE-2022-28738: Puppet-agent 5.5.x and 6.x releases

Sanjay Tripathi Ruby CVE-2022-28738 only affects Ruby 3.x but Puppet vendors Ruby versions before that, so we are unaffected.

Sanjay Tripathi (Jira)

unread,
Jul 26, 2022, 4:44:02 PM7/26/22
to puppe...@googlegroups.com

Thank you for the clarification, Josh Cooper
Reply all
Reply to author
Forward
0 new messages