[Bug 223821] sysutils/py-salt: Update to 2017.7.2
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Thu Nov 23 14:41:01 UTC 2017
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=223821
Bug ID: 223821
Summary: sysutils/py-salt: Update to 2017.7.2
Product: Ports & Packages
Version: Latest
Hardware: Any
OS: Any
Status: New
Severity: Affects Only Me
Priority: ---
Component: Individual Port(s)
Assignee: freebsd-ports-bugs at FreeBSD.org
Reporter: woodsb02 at freebsd.org
CC: christer.edwards at gmail.com
CC: christer.edwards at gmail.com
Flags: maintainer-feedback?(christer.edwards at gmail.com)
Created attachment 188217
--> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=188217&action=edit
Patch to update sysutils/py-salt to 2017.7.2
sysutils/py-salt: Update to 2017.7.2
Changes this release:
https://docs.saltstack.com/en/latest/topics/releases/2017.7.2.html
This update includes 2 security fixes:
CVE-2017-14695 Directory traversal vulnerability in minion id validation in
SaltStack. Allows remote minions with incorrect credentials to authenticate to
a master via a crafted minion ID. Credit for discovering the security flaw goes
to: Julian Brost (julian at 0x4a42.net)
CVE-2017-14696 Remote Denial of Service with a specially crafted authentication
request. Credit for discovering the security flaw goes to: Julian Brost
(julian at 0x4a42.net)
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-ports-bugs
mailing list