[Bug 232663] sysutils/py-salt: update to 2018.3.3 (CVE-2018-15751, CVE-2018-15750)
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Wed Oct 24 22:18:30 UTC 2018
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=232663
Bug ID: 232663
Summary: sysutils/py-salt: update to 2018.3.3 (CVE-2018-15751,
CVE-2018-15750)
Product: Ports & Packages
Version: Latest
Hardware: Any
OS: Any
Status: New
Severity: Affects Many People
Priority: ---
Component: Individual Port(s)
Assignee: ports-bugs at FreeBSD.org
Reporter: christer.edwards at gmail.com
Created attachment 198605
--> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=198605&action=edit
patch
We are pleased to announce the 2018.3.3 release of Salt!
Release notes can be found here:
https://docs.saltstack.com/en/latest/topics/releases/2018.3.3.html
Sources are available on PyPI:
https://pypi.python.org/pypi/salt/2018.3.3
2018.3.3 is a security release. The following CVE's were fixed as part of this
release:
CVE-2018-15751 Remote command execution and incorrect access control when using
salt-api.
CVE-2018-15750 Directory traversal vulnerability when using salt-api. Allows an
attacker to determine what files exist on a server when querying /run or
/events.
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-ports-bugs
mailing list