From ${URL} : It was found that calling git.clone with https user/pass will leak the authentication details to the log. Upstream patch: https://github.com/saltstack/salt/commit/28aa9b105804ff433d8f663b2f9b804f2b75495a @maintainer(s): since the fixed version is already in the tree, please remove the affected versions.
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c4558deb1c8f0b1a56eebf0e221c8cdc2aa5afe3
2015.5.3 has been cleaned which complete removes all vulnerable versions. https://github.com/saltstack/salt/commit/28aa9b105804ff433d8f663b2f9b804f2b75495a