Micah Anderson uploaded new packages for puppet which fixed the
following security problems:
CVE-2011-3872
Puppet 2.6.x before 2.6.12 and 2.7.x before 2.7.6, and Puppet
Enterprise (PE) Users 1.0, 1.1, and 1.2 before 1.2.4, when signing an
agent certificate, adds the Puppet master's certdnsnames values to the
X.509 Subject Alternative Name field of the certificate, which allows
remote attackers to spoof a Puppet master via a man-in-the-middle
(MITM) attack against an agent that uses an alternate DNS name for the
master, aka "AltNames Vulnerability."
For the squeeze-backports distribution the problems have been fixed in
version 2.7.6-1~bpo60+1.