From https://groups.google.com/g/salt-announce/c/rxYIzQ6jnQs/m/i_UvF76kAAAJ:

CVE-2023-20897:
- **Impact**: After receiving several bad packets on the request server equal to the number of worker threads, the master will become unresponsive to return requests until restarted.

CVE-2023-20898:
- **Impact:** Anything that uses Git Providers with different environments can get garbage data or the wrong data, which can lead to wrongful data disclosure, wrongful executions, data corruption and/or crash.

Fixes in 3005.2, 3006.2.

From: https://groups.google.com/g/salt-announce/c/BgrqzYaTAoM/m/cN0JEg1mAwAJ:

CVE-2023-34049:
Impact: If an attacker has access to the target VM and knows the path to the pre-flight script before it runs they can ensure Salt-SSH runs their script with the privileges of the user running Salt-SSH.

Fix in 3005.4, 3006.4.

Please bump.
Please cleanup
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=287c89a2f81a4c96109fce9a1d9172223043bd55

commit 287c89a2f81a4c96109fce9a1d9172223043bd55
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-12-07 11:25:36 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-12-07 11:25:59 +0000

    [ GLSA 202412-09 ] Salt: Multiple Vulnerabilities

    Bug: https://bugs.gentoo.org/916512
    Bug: https://bugs.gentoo.org/925021
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202412-09.xml | 47 +++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 47 insertions(+)