Gentoo Linux Security Advisory 2013-08-04 - Multiple vulnerabilities have been found in Puppet, the worst of which could lead to execution of arbitrary code. Versions less than 2.7.23 are affected.
0540da72c54f57cbe5a156cdb95056d98fa489beca31a869e539fa0bb49ca073
Red Hat Security Advisory 2013-0710-01 - Puppet allows provisioning, patching, and configuration of clients to be managed and automated. A flaw was found in how Puppet handled certain HTTP PUT requests. An attacker with valid authentication credentials, and authorized to save to the authenticated client's own report, could construct a malicious request that could possibly cause the Puppet master to execute arbitrary code. A flaw was found in how Puppet handled the "template" and "inline_template" functions during catalog compilation. If an authenticated attacker were to requests its catalog from the Puppet master, it could possibly result in arbitrary code execution when the catalog is compiled.
287e00cc1e326aec1722ac557fce76b5e0388b5683cb3624788e846953353c44
Debian Linux Security Advisory 2643-1 - Multiple vulnerabilities were discovered in Puppet, a centralized configuration management system.
626b2c43b3fc60e5818364c42a1dce9ed4a162377a90fdd4f2f3cc47cac16b60