[Git][security-tracker-team/security-tracker][master] Reference regression reports for CVE-2020-11651/salt
Salvatore Bonaccorso
carnil at debian.org
Sun May 3 16:21:11 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2ee05dd4 by Salvatore Bonaccorso at 2020-05-03T17:20:40+02:00
Reference regression reports for CVE-2020-11651/salt
It is a known issue that the fix for CVE-2020-11651 introduced a
regression as explained in
<https://github.com/saltstack/salt/blob/v3000.2_docs/doc/topics/releases/3000.2.rst#known-issue>
The whitelisted methods in AESFuncs contained a typo, where at least
_minion_runner method should be minion_runner. But a second related
regression was reported as well. List both for tracking.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3143,9 +3143,10 @@ CVE-2020-11651 (An issue was discovered in SaltStack Salt before 2019.2.4 and 30
NOTE: https://github.com/saltstack/salt/blob/v3000.2_docs/doc/topics/releases/3000.2.rst
NOTE: Fixed by: https://github.com/saltstack/salt/commit/a67d76b15615983d467ed81371b38b4a17e4f3b7
NOTE: Followup needed: https://github.com/saltstack/salt/commit/78172bf647473d5c1c2720e72fc12d6f2314d583
- NOTE: There is a typo (for more info see the release notes) in the official correction.
- NOTE: This should be fixed too since this typo causes a regression:
+ NOTE: There is a typo in the whitelisted methods on AESFuncs:
NOTE: https://github.com/saltstack/salt/blob/v3000.2_docs/doc/topics/releases/3000.2.rst#known-issue
+ NOTE: Regression bugreport: https://github.com/saltstack/salt/issues/57016
+ NOTE: https://github.com/saltstack/salt/issues/57027
CVE-2020-11650 (An issue was discovered in iXsystems FreeNAS (and TrueNAS) 11.2 before ...)
NOT-FOR-US: FreeNAS
CVE-2020-11649 (An issue was discovered in GitLab CE and EE 8.15 through 12.9.2. Membe ...)
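Review bot: the last added line, `NOTE: https://github.com/saltstack/salt/issues/57027`, has no label, so it reads as a continuation of the "Regression bugreport:" line rather than as the second, separate regression the commit message says is being listed. Giving it its own label (for example "NOTE: Second regression report: ...") would make the two reports distinguishable to someone triaging from this entry alone. Separately, the removed lines stated that the typo is in the official correction and should be fixed too, while the replacement "There is a typo in the whitelisted methods on AESFuncs:" no longer says which fix the typo belongs to; keeping a reference to the "Fixed by:" commit in that line would preserve the link.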
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2ee05dd4e7953e786f6ad99f6beab116971176c9