CVE-2017-12791 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12791): Maliciously crafted minion IDs can cause unwanted directory traversals on the Salt-master.
@ Maintainer(s): Please bump to >=app-admin/salt-2016.3.7 >=app-admin/salt-2016.11.7 >=app-admin/salt-2017.7.1
(In reply to Thomas Deutschmann from comment #1) > @ Maintainer(s): Please bump to > > >=app-admin/salt-2016.3.7 > >=app-admin/salt-2016.11.7 Added the specified versions and cleaned the old ones up. Applied the fix to salt-2015.8.13 series as well (in 2015.8.13-r1), which I assume Patrick still wants to keep around. These still need to be fixed: > =app-admin/salt-2015.5.10 > =app-admin/salt-2017.7.0 These need to be cleaned up: > =salt-2015.8.13
@maintainer, upstream only patched 2016.11. Are previous versions needed?
Tree is clean: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=83c3b7ff1b9edab8f437aad399ec4b01c07395d2