Micah Anderson uploaded new packages for puppet which fixed the following
security problems:

 Resist directory traversal attacks through indirections.

 In various versions of Puppet it was possible to cause a directory
 traversal attack through the SSLFile indirection base class.  This was
 variously triggered through the user-supplied key, or the Subject of
 the certificate, in the code.

For the squeeze-backports distribution the problems have been fixed in
version 2.7.1-1~bpo60+2.