Bug 558820

Summary: <app-admin/salt-2015.5.8: git module leaks authentication details into log
Product: Gentoo Security Reporter: Agostino Sarubbo <ago>
Component: Vulnerabilities Assignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: trivial CC: chutzpah
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://bugzilla.redhat.com/show_bug.cgi?id=1257154
Whiteboard: ~3 [noglsa]
Package list:
Runtime testing required: ---

Description Agostino Sarubbo gentoo-dev 2015-08-26 12:24:56 UTC
From ${URL} :

It was found that calling git.clone with https user/pass will leak the authentication details to the log.

Upstream patch:

https://github.com/saltstack/salt/commit/28aa9b105804ff433d8f663b2f9b804f2b75495a


@maintainer(s): since the fixed version is already in the tree, please remove the affected versions.
Comment 2 Aaron Bauman (RETIRED) gentoo-dev 2016-03-29 09:38:03 UTC
2015.5.3 has been cleaned which completely removes all vulnerable versions.

https://github.com/saltstack/salt/commit/28aa9b105804ff433d8f663b2f9b804f2b75495a
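
Added example, not part of this bug report and not Salt's upstream patch: one way to keep credentials embedded in an HTTPS remote URL out of log output, the class of leak reported here for git.clone, is to scrub the userinfo part of any URL before a record reaches a handler. The logger name, sample command, user, password and host below are constructed for illustration.

```python
import logging
import re

# Matches scheme://userinfo@ where userinfo is everything up to the last "@"
# before the path, query or fragment. Constructed for this example.
_USERINFO_RE = re.compile(
    r"(?P<scheme>[a-zA-Z][a-zA-Z0-9+.-]*://)(?P<userinfo>[^/?#\s]+)@"
)


def redact_url_credentials(text):
    """Replace user[:password] in every URL found in text with a placeholder."""
    return _USERINFO_RE.sub(r"\g<scheme><redacted>@", text)


class RedactCredentialsFilter(logging.Filter):
    """Scrub URL credentials from the fully formatted log message."""

    def filter(self, record):
        # Format first so credentials passed as %-style args are covered too.
        record.msg = redact_url_credentials(record.getMessage())
        record.args = None
        return True


def demo():
    """Log a constructed clone command; return what the handler received."""
    captured = []

    class ListHandler(logging.Handler):
        def emit(self, record):
            captured.append(record.getMessage())

    logger = logging.getLogger("redact_demo")  # hypothetical logger name
    logger.setLevel(logging.DEBUG)
    logger.propagate = False
    handler = ListHandler()
    handler.addFilter(RedactCredentialsFilter())
    logger.handlers = [handler]

    # Constructed sample: user, password and host are made up.
    cmd = "git clone https://deploy:s3cr3t@git.example.com/repo.git /srv/repo"
    logger.info("Executing command '%s' in directory '%s'", cmd, "/root")
    return captured


if __name__ == "__main__":
    print(demo())
```

Attaching the filter to each handler, rather than to a single logger, also covers records that propagate up from child loggers.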