[Secure-testing-commits] r38663 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sun Jan 3 13:18:01 UTC 2016
Author: carnil
Date: 2016-01-03 13:18:00 +0000 (Sun, 03 Jan 2016)
New Revision: 38663
Modified:
data/CVE/list
Log:
Mark CVE-2015-8034/salt as no-dsa
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-01-03 12:08:31 UTC (rev 38662)
+++ data/CVE/list 2016-01-03 13:18:00 UTC (rev 38663)
@@ -4572,6 +4572,10 @@
CVE-2015-8034 [information leak from state.sls cache data stored as world-readable]
RESERVED
- salt 2015.8.3+ds-1 (bug #807356)
+ [jessie] - salt <no-dsa> (Minor issue)
+ NOTE: For jessie: /var/cache/salt/minion is created with restricted permissions on
+ NOTE: first start of salt-minion in verify_env mitigating the issue, cf.
+ NOTE: https://sources.debian.net/src/salt/2014.1.13%2Bds-3/salt/utils/verify.py/#L207
NOTE: https://github.com/cachedout/salt/commit/097838ec0c52b1e96f7f761e5fb3cd7e79808741
NOTE: https://github.com/saltstack/salt/issues/28455
CVE-2014-9755
More information about the Secure-testing-commits
mailing list