Bug 1460091

Summary: CVE-2017-2295 puppet: Unsafe YAML deserialization [openstack-rdo]
Product: [Community] RDO Reporter: Summer Long <slong>
Component: distributionAssignee: Alfredo Moralejo <amoralej>
Status: CLOSED CURRENTRELEASE QA Contact: Shai Revivo <srevivo>
Severity: high Docs Contact:
Priority: high    
Version: unspecifiedCC: apevec, chrisw, cvsbot-xmlrpc, jjoyce, jschluet, lhh, lpeer, markmc, rbryant, sclewis, srevivo, tdecacqu
Target Milestone: ---Keywords: Security, SecurityTracking
Target Release: trunk   
Hardware: All   
OS: Linux   
Whiteboard: component:puppet
Fixed In Version: Doc Type: Release Note
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-07-22 13:54:53 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1452651    

Description Summer Long 2017-06-09 04:26:49 UTC 
This as an RDO Project security tracking bug against puppet. It was created
to ensure that one or more security vulnerabilities are fixed.

For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.

[bug automatically created by: add-tracking-bugs]
Comment 1 Alfredo Moralejo 2020-07-22 13:54:53 UTC 
RDO is using puppet >= 5.5.10 since Stein release which is unaffected by this issue.