This issue did NOT affect the versions of the puppet package, as shipped with Fedora release of 16 and 17.
--
This issue did NOT affect the versions of the puppet package, as shipped with Fedora EPEL 5 and 6.
As listed in the upstream advisory, this issue only affected 2.7.x versions. Only Fedora 17 and Rawhide have this version and are already using fixed 2.7.13. Fedora 17 did not include previous 2.7.x version and hence was never affected by this issue.
External Reference:
http://puppetlabs.com/security/cve/cve-2012-1989/