Summary: | sysutils/py-salt: update to 2018.3.3 (CVE-2018-15751, CVE-2018-15750) | ||||||
---|---|---|---|---|---|---|---|
Product: | Ports & Packages | Reporter: | Christer Edwards <christer.edwards> | ||||
Component: | Individual Port(s) | Assignee: | Ben Woods <woodsb02> | ||||
Status: | Closed FIXED | ||||||
Severity: | Affects Many People | CC: | bdrewery, woodsb02 | ||||
Priority: | --- | Flags: | woodsb02:
merge-quarterly+
|
||||
Version: | Latest | ||||||
Hardware: | Any | ||||||
OS: | Any | ||||||
Attachments: |
|
Description
Christer Edwards
2018-10-24 22:18:28 UTC
A commit references this bug: Author: woodsb02 Date: Sat Oct 27 08:06:03 UTC 2018 New revision: 483113 URL: https://svnweb.freebsd.org/changeset/ports/483113 Log: Add entry for sysutils/py-salt PR: 232663 Reported by: Christer Edwards <christer.edwards@gmail.com> Security: https://www.vuxml.org/freebsd/4f7c6af3-6a2c-4ead-8453-04e509688d45.html Changes: head/security/vuxml/vuln.xml A commit references this bug: Author: woodsb02 Date: Sat Oct 27 08:07:37 UTC 2018 New revision: 483114 URL: https://svnweb.freebsd.org/changeset/ports/483114 Log: sysutils/py-salt: Update to 2018.3.3 This is a security release, addressing the following CVE's: - CVE-2018-15751 - Remote command execution and incorrect access control when using salt-api. - CVE-2018-15750 - Directory traversal vulnerability using salt-api. Allows an attacker to determine what files exist on a server when querying /run or /events. Other changes this release: https://docs.saltstack.com/en/latest/topics/releases/2018.3.3.html PR: 232663 Submitted by: Christer Edwards <christer.edwards@gmail.com> Approved by: Christer Edwards (maintainer) MFH: 2018Q4 Security: https://www.vuxml.org/freebsd/4f7c6af3-6a2c-4ead-8453-04e509688d45.html Changes: head/sysutils/py-salt/Makefile head/sysutils/py-salt/distinfo Committed - thanks! Awaiting approval to merge to ports quarterly branch 2018Q4. A commit references this bug: Author: woodsb02 Date: Sun Oct 28 14:11:23 UTC 2018 New revision: 483295 URL: https://svnweb.freebsd.org/changeset/ports/483295 Log: MFH: r483114 sysutils/py-salt: Update to 2018.3.3 This is a security release, addressing the following CVE's: - CVE-2018-15751 - Remote command execution and incorrect access control when using salt-api. - CVE-2018-15750 - Directory traversal vulnerability using salt-api. Allows an attacker to determine what files exist on a server when querying /run or /events. Other changes this release: https://docs.saltstack.com/en/latest/topics/releases/2018.3.3.html PR: 232663 Submitted by: Christer Edwards <christer.edwards@gmail.com> Approved by: Christer Edwards (maintainer) Security: https://www.vuxml.org/freebsd/4f7c6af3-6a2c-4ead-8453-04e509688d45.html Approved by: ports-secteam (riggs) Changes: _U branches/2018Q4/ branches/2018Q4/sysutils/py-salt/Makefile branches/2018Q4/sysutils/py-salt/distinfo Merged to 2018Q4. |