From ${URL} : Saltstack, a client/server configuration system, was found to have allowed any minions to masquerade itself as any others agents when requesting stuff from the master, which could permit a compromised server to request data from another server, which could lead to potential information leak. References: http://seclists.org/oss-sec/2013/q4/85 https://github.com/saltstack/salt/pull/7356 Commit: https://github.com/saltstack/salt/pull/7356/commits @maintainer(s): after the bump, in case we need to stabilize the package, please say explicitly if it is ready for the stabilization or not.
CVE-2013-4439 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4439): Salt (aka SaltStack) before 0.15.0 through 0.17.0 allows remote authenticated minions to impersonate arbitrary minions via a crafted minion with a valid key.
0.17.2 in tree. @maintainer: please clean up.
Maintainer(s), Thank you for your work! No stable versions - no glsa needed.