558820 – <app-admin/salt-2015.5.8: git module leaks authentication details into log

Bug 558820 - <app-admin/salt-2015.5.8: git module leaks authentication details into log

Summary: <app-admin/salt-2015.5.8: git module leaks authentication details into log

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal trivial (vote)
Assignee:	Gentoo Security

URL:	https://bugzilla.redhat.com/show_bug....
Whiteboard:	~3 [noglsa]
Keywords:

Depends on:
Blocks:

Reported:	2015-08-26 12:24 UTC by Agostino Sarubbo
Modified:	2016-03-29 09:38 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Agostino Sarubbo gentoo-dev

2015-08-26 12:24:56 UTC

From ${URL} :

It was found that calling git.clone with https user/pass will leak the authentication details to 
the log.

Upstream patch:

https://github.com/saltstack/salt/commit/28aa9b105804ff433d8f663b2f9b804f2b75495a


@maintainer(s): since the fixed version is already in the tree, please remove the affected versions.

Comment 1 Patrick McLean gentoo-dev

2015-09-01 21:41:05 UTC

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c4558deb1c8f0b1a56eebf0e221c8cdc2aa5afe3

Comment 2 Aaron Bauman (RETIRED) gentoo-dev

2016-03-29 09:38:03 UTC

2015.5.3 has been cleaned which complete removes all vulnerable versions.  

https://github.com/saltstack/salt/commit/28aa9b105804ff433d8f663b2f9b804f2b75495a