Summary: | <app-admin/salt{5.6, 8.1}: win_useradd module and salt-cloud display passwords in debug log | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | chutzpah, jlec |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://bugzilla.redhat.com/show_bug.cgi?id=1273066 | ||
Whiteboard: | B3 [noglsa] | ||
Package list: | Runtime testing required: | --- |
Description
Agostino Sarubbo
2015-10-19 14:51:36 UTC
https://github.com/gentoo/gentoo/pull/327 app-admin/salt: Bumps to fix bug#563508 and CVE-2015-6941 Gentoo-Bug: 563508 CVE: CVE-2015-6941 - salt: win_useradd module and salt-cloud display passwords in debug log Package-Manager: portage-2.2.23 commit 0b662c556eab0c2468036e152473c2fba454ea21 Author: Elias Probst <mail@eliasprobst.eu> Date: Thu Nov 5 08:14:23 2015 +0100 app-admin/salt: Bumps to fix bug#563508 and CVE-2015-6941 Drop `salt-2015.5.0-archive-test.patch` from salt-2015.5.6.ebuild (upstream fix in @81a0d4c9) Gentoo-Bug: 563508 CVE: CVE-2015-6941 - salt: win_useradd module and salt-cloud display passwords in debug log Package-Manager: portage-2.2.23 Tree is clean now commit 8d979c150527855721e3838923313a1ea122f7d5 Author: Justin Lecher <jlec@gentoo.org> Date: Fri Nov 6 08:58:19 2015 +0100 app-admin/salt: Drop vulnerable versions Gentoo-Bug: https://bugs.gentoo.org/show_bug.cgi?id=563508 Package-Manager: portage-2.2.23 Signed-off-by: Justin Lecher <jlec@gentoo.org> https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8d979c150527855721e3838923313a1ea122f7d5 Previous comments show the new versions that were committed to the tree and vulnerable versions that were dropped. Upstream github verifies the patch is present in 5.6 and 8.1, thus future versions are good as well. GLSA Vote: No |