Micah Anderson uploaded new packages for puppet which fixed the
following security problems:

CVE-2011-3872
  Puppet 2.6.x before 2.6.12 and 2.7.x before 2.7.6, and Puppet
  Enterprise (PE) Users 1.0, 1.1, and 1.2 before 1.2.4, when signing an
  agent certificate, adds the Puppet master's certdnsnames values to the
  X.509 Subject Alternative Name field of the certificate, which allows
  remote attackers to spoof a Puppet master via a man-in-the-middle
  (MITM) attack against an agent that uses an alternate DNS name for the
  master, aka "AltNames Vulnerability."

For the squeeze-backports distribution the problems have been fixed in
version 2.7.6-1~bpo60+1.