All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
and this project adheres to [Semantic Versioning](http://semver.org).
+## Supported Release [4.5.1]
+### Summary
+This release fixes CVE-2018-6508 which is a potential arbitrary code execution via tasks.
+
+### Fixed
+- Fix init task for arbitrary remote code
+
## Supported Release [4.5.0]
### Summary
This release uses the PDK convert functionality which in return makes the module PDK compliant. It also includes a roll up of maintenance changes.
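Review bot: The `### Fixed` entry "Fix init task for arbitrary remote code" does not say which input was affected or what changed, so someone reading the changelog cannot judge their exposure. Suggest naming the cause and the fix in one line, for example that the init task now passes `action` to `apt-get` as a separate argument instead of interpolating it into a command string.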
{
"name": "puppetlabs-apt",
- "version": "4.5.0",
+ "version": "4.5.1",
"author": "Puppet Labs",
"summary": "Provides an interface for managing Apt source, key, and definitions with Puppet",
"license": "Apache-2.0",
require 'puppet'
def apt_get(action)
- cmd_string = "apt-get #{action}"
- cmd_string << ' -y' if action == 'upgrade'
- stdout, stderr, status = Open3.capture3(cmd_string)
+ cmd = ['apt-get', action]
+ cmd << ' -y' if action == 'upgrade'
+ stdout, stderr, status = Open3.capture3(*cmd)
raise Puppet::Error, stderr if status != 0
{ status: stdout.strip }
end
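Review bot: The added line `cmd << ' -y' if action == 'upgrade'` keeps the leading space from the old string concatenation. With the array form passed to `Open3.capture3(*cmd)` no shell splits the command, so apt-get receives the literal argument ` -y` (with the space) rather than the `-y` option; change it to `cmd << '-y'`. Separately, `action` is still not validated in this function. It can no longer reach a shell, but any value is handed to apt-get as its first argument, including one that begins with `-`. Consider rejecting anything other than the actions the task supports before building `cmd`.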