Hello community,
here is the log from the commit of package facter for openSUSE:Factory checked in at 2014-06-27 06:53:18
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/facter (Old)
and /work/SRC/openSUSE:Factory/.facter.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "facter"
Changes:
--------
--- /work/SRC/openSUSE:Factory/facter/facter.changes 2014-05-17 21:43:38.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.facter.new/facter.changes 2014-06-27 06:53:21.000000000 +0200
@@ -1,0 +2,7 @@
+Thu Jun 26 13:47:03 UTC 2014 - vdziewiecki@suse.com
+
+- Update to 2.0.2: fix CVE-2014-3248 (An attacker could convince
+an administrator to unknowingly execute malicious code on platforms
+with Ruby 1.9.1 and earlier)
+
+-------------------------------------------------------------------
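Review bot: The new entry names CVE-2014-3248 but gives no bug tracker reference and does not say what the fix changes, so a reader of facter.changes cannot tell how the update addresses the issue. Add the tracker reference for this update and a short phrase stating that 2.0.2 removes '.' from the Ruby load path in bin/facter. The two continuation lines of the bullet should also be indented under the "- " so the entry reads as one item.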
Old:
----
facter-2.0.1.tar.gz
New:
----
facter-2.0.2.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ facter.spec ++++++
--- /var/tmp/diff_new_pack.B9jL32/_old 2014-06-27 06:53:22.000000000 +0200
+++ /var/tmp/diff_new_pack.B9jL32/_new 2014-06-27 06:53:22.000000000 +0200
@@ -17,7 +17,7 @@
Name: facter
-Version: 2.0.1
+Version: 2.0.2
Release: 0
Summary: A cross-platform Ruby library for retrieving facts from operating systems
License: Apache-2.0
++++++ facter-2.0.1.tar.gz -> facter-2.0.2.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/facter-2.0.1/bin/facter new/facter-2.0.2/bin/facter
--- old/facter-2.0.1/bin/facter 2014-04-01 19:23:03.000000000 +0200
+++ new/facter-2.0.2/bin/facter 2014-06-06 20:02:18.000000000 +0200
@@ -1,5 +1,9 @@
#!/usr/bin/env ruby
+# For security reasons, ensure that '.' is not on the load path
+# This is primarily for 1.8.7 since 1.9.2+ doesn't put '.' on the load path
+$LOAD_PATH.delete '.'
+
# Bundler and rubygems maintain a set of directories from which to
# load gems. If Bundler is loaded, let it determine what can be
# loaded. If it's not loaded, then use rubygems. But do this before
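Review bot: `$LOAD_PATH.delete '.'` at the top of bin/facter removes only an entry that is exactly the string '.', so a relative entry spelled differently (for example './', or one supplied through -I or RUBYLIB) would stay on the load path and still resolve against the current working directory. If the intent is that nothing is loaded from the working directory, consider filtering on the expanded path instead, e.g. `$LOAD_PATH.reject! { |p| File.expand_path(p) == Dir.pwd }`. The change also lives only in the executable, so code that requires the facter library without going through bin/facter is not covered by this hunk; the comment could say so, or the check could move to the library entry point.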
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/facter-2.0.1/ext/build_defaults.yaml new/facter-2.0.2/ext/build_defaults.yaml
--- old/facter-2.0.1/ext/build_defaults.yaml 2014-04-01 19:23:03.000000000 +0200
+++ new/facter-2.0.2/ext/build_defaults.yaml 2014-06-06 20:02:18.000000000 +0200
@@ -2,7 +2,7 @@
packaging_url: 'git://github.com/puppetlabs/packaging.git --branch=master'
packaging_repo: 'packaging'
default_cow: 'base-squeeze-i386.cow'
-cows: 'base-lucid-i386.cow base-lucid-amd64.cow base-precise-i386.cow base-precise-amd64.cow base-quantal-i386.cow base-quantal-amd64.cow base-raring-i386.cow base-raring-amd64.cow base-saucy-i386.cow base-saucy-amd64.cow base-sid-i386.cow base-sid-amd64.cow base-squeeze-i386.cow base-squeeze-amd64.cow base-stable-i386.cow base-stable-amd64.cow base-testing-i386.cow base-testing-amd64.cow base-trusty-i386.cow base-trusty-amd64.cow base-unstable-i386.cow base-unstable-amd64.cow base-wheezy-i386.cow base-wheezy-amd64.cow'
+cows: 'base-lucid-i386.cow base-lucid-amd64.cow base-precise-i386.cow base-precise-amd64.cow base-quantal-i386.cow base-quantal-amd64.cow base-saucy-i386.cow base-saucy-amd64.cow base-sid-i386.cow base-sid-amd64.cow base-squeeze-i386.cow base-squeeze-amd64.cow base-stable-i386.cow base-stable-amd64.cow base-testing-i386.cow base-testing-amd64.cow base-trusty-i386.cow base-trusty-amd64.cow base-unstable-i386.cow base-unstable-amd64.cow base-wheezy-i386.cow base-wheezy-amd64.cow'
pbuild_conf: '/etc/pbuilderrc'
packager: 'puppetlabs'
gpg_name: 'info@puppetlabs.com'
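Review bot: The `cows:` line drops base-raring-i386.cow and base-raring-amd64.cow, but the ext/debian/changelog header in the same update still lists raring among its distributions, so the two files now disagree about the supported targets. Either keep them in sync or note why raring stays in the changelog. This build-target change is also unrelated to the security fix and is not mentioned in the changes entry; a one-line mention would help anyone auditing what 2.0.2 contains.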
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/facter-2.0.1/ext/debian/changelog new/facter-2.0.2/ext/debian/changelog
--- old/facter-2.0.1/ext/debian/changelog 2014-04-01 19:23:07.000000000 +0200
+++ new/facter-2.0.2/ext/debian/changelog 2014-06-06 20:02:21.000000000 +0200
@@ -1,8 +1,8 @@
-facter (2.0.1-1puppetlabs1) lucid unstable sid wheezy lucid squeeze precise quantal raring; urgency=low
+facter (2.0.2-1puppetlabs1) lucid unstable sid wheezy lucid squeeze precise quantal raring; urgency=low
* Update to version
- -- Puppet Labs Release
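Review bot: The changed header line in ext/debian/changelog lists "lucid" twice in the distribution field ("lucid unstable sid wheezy lucid squeeze ..."), which the version bump carries over unchanged; drop the duplicate while touching this line. The body "* Update to version" also names no version and says nothing about the security fix, and `urgency=low` is questionable for a release whose purpose is a CVE fix. Suggest "* Update to version 2.0.2" with a mention of the load path fix and a higher urgency.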