This security issue was first reported on 2022-03-22:

* https://saltproject.io/security_announcements/attention-some-critical-vulnerabilities-have-been-discovered-in-salt-versions-3004-and-earlier/

The new versions were released yesterday (2022-03-28):

* https://saltproject.io/security_announcements/salt-security-advisory-release/

> Updated packages for the versions below can be found at https://repo.saltproject.io for these supported versions of Salt:
>
> * 3004.1
> * 3003.4
> * 3002.8
Thanks for reporting! Is there a mailing list or something where these are announced? Maintainer, please stabilize 3002.7 and 3003.3.
> Is there a mailing list or something where these are announced?

Yes, there are a variety of places.

* https://groups.google.com/g/salt-announce
  - This group is mainly announcements for all new releases.
* https://saltproject.io/security_announcements/
  - This is the main page for security releases (and info).
  - This can be tracked using its RSS feed:
    + https://saltproject.io/feed/?post_type=security
* https://app.slack.com/client/T7KPDM7M3/CNZKJMQ1E
  - Probably not so helpful here but there's also the `#announcements` channel on the community Slack instance.
(In reply to Imran Iqbal from comment #2)
> > Is there a mailing list or something where these are announced?
>
> Yes, there are a variety of places.
>
> * https://groups.google.com/g/salt-announce
>   - This group is mainly announcements for all new releases.
> * https://saltproject.io/security_announcements/
>   - This is the main page for security releases (and info).
>   - This can be tracked using its RSS feed:
>     + https://saltproject.io/feed/?post_type=security
> * https://app.slack.com/client/T7KPDM7M3/CNZKJMQ1E
>   - Probably not so helpful here but there's also the `#announcements`
>     channel on the community Slack instance.

Thanks! Should be subscribed to that Google Group now, so I shouldn't miss these in the future.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=a4ba9f2fb65b65e29f00afe38eed9d10ac01301d

commit a4ba9f2fb65b65e29f00afe38eed9d10ac01301d
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2023-10-31 11:57:07 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2023-10-31 11:57:38 +0000

    [ GLSA 202310-22 ] Salt: Multiple Vulnerabilities

    Bug: https://bugs.gentoo.org/767919
    Bug: https://bugs.gentoo.org/812440
    Bug: https://bugs.gentoo.org/836365
    Bug: https://bugs.gentoo.org/855962
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202310-22.xml | 61 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 61 insertions(+)