Summary: | sysutils/py-salt: Update to 2019.2.4 (CVE fix) | ||||||
---|---|---|---|---|---|---|---|
Product: | Ports & Packages | Reporter: | Christer Edwards <christer.edwards> | ||||
Component: | Individual Port(s) | Assignee: | Kurt Jaeger <pi> | ||||
Status: | Closed FIXED | ||||||
Severity: | Affects Many People | CC: | danmcgrath.ca, pi, ports-secteam, woodsb02 | ||||
Priority: | Normal | Keywords: | security | ||||
Version: | Latest | Flags: | woodsb02:
merge-quarterly+
|
||||
Hardware: | Any | ||||||
OS: | Any | ||||||
URL: | https://docs.saltstack.com/en/latest/topics/releases/2019.2.4.html | ||||||
Attachments: |
|
Description
Christer Edwards
2020-04-30 14:58:16 UTC
Can you provide a vuxml entry ? testbuilds@work A commit references this bug: Author: pi Date: Fri May 1 10:28:21 UTC 2020 New revision: 533533 URL: https://svnweb.freebsd.org/changeset/ports/533533 Log: sysutils/py-salt: update 2019.2.3 -> 2019.2.4 - fix two CVE found in the Salt Master PR: 246061 Submitted by: Christer Edwards <christer.edwards@gmail.com> (maintainer) Relnotes: https://docs.saltstack.com/en/latest/topics/releases/2019.2.4.html Changes: head/sysutils/py-salt/Makefile head/sysutils/py-salt/distinfo Committed, thanks. TODO: vuxml entry A commit references this bug: Author: pi Date: Sun May 3 06:20:13 UTC 2020 New revision: 533746 URL: https://svnweb.freebsd.org/changeset/ports/533746 Log: MFH: r533533 sysutils/py-salt: update 2019.2.3 -> 2019.2.4 - fix two CVE found in the Salt Master PR: 246061 Submitted by: Christer Edwards <christer.edwards@gmail.com> (maintainer) Relnotes: https://docs.saltstack.com/en/latest/topics/releases/2019.2.4.html Approved by: portmgr (security blanket) Changes: _U branches/2020Q2/ branches/2020Q2/sysutils/py-salt/Makefile branches/2020Q2/sysutils/py-salt/distinfo Hi, I was just noticing that while I was able to update my poudriere backed minions just fine already, the master that pulls from the 12.x quarterly branch still hasn't received this update. Any ETA on this? And more importantly, is it ok to turn a vulnerable master back on if the minions are patched? I don't know how often the quarterly branch is build. It will probably happen soon. A commit references this bug: Author: woodsb02 Date: Sat May 16 06:45:09 UTC 2020 New revision: 535356 URL: https://svnweb.freebsd.org/changeset/ports/535356 Log: Add new sysutils/py-salt vulnerabilities PR: 246061 Reported by: Christer Edwards <christer.edwards@gmail.com> Security: CVE-2020-11651 Security: CVE-2020-11652 Changes: head/security/vuxml/vuln.xml VuXML entry committed - thanks Christer and Kurt! |