Summary: | <app-admin/salt-2016.11.8: directory traversals on the Salt-master via crafted minion ID | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | GLSAMaker/CVETool Bot <glsamaker> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | chutzpah |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://github.com/saltstack/salt/pull/42944 | ||
Whiteboard: | ~2 [noglsa cve] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | |||
Bug Blocks: | 633868 |
Description
GLSAMaker/CVETool Bot
2017-08-15 15:48:57 UTC
@ Maintainer(s): Please bump to
>=app-admin/salt-2016.3.7
>=app-admin/salt-2016.11.7
>=app-admin/salt-2017.7.1
(In reply to Thomas Deutschmann from comment #1) > @ Maintainer(s): Please bump to > > >=app-admin/salt-2016.3.7 > >=app-admin/salt-2016.11.7 Added the specified versions and cleaned the old ones up. Applied the fix to salt-2015.8.13 series as well (in 2015.8.13-r1), which I assume Patrick still wants to keep around. These still need to be fixed: > =app-admin/salt-2015.5.10 > =app-admin/salt-2017.7.0 These need to be cleaned up: > =salt-2015.8.13 @maintainer, upstream only patched 2016.11. Are previous versions needed? |