[Git][security-tracker-team/security-tracker][master] CVE-2021-31607/salt: reference affected versions and patch

Sylvain Beucler (@beuc) beuc at debian.org
Tue Dec 14 17:20:09 GMT 2021



Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
30b6ff60 by Sylvain Beucler at 2021-12-14T18:19:50+01:00
CVE-2021-31607/salt: reference affected versions and patch

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -36485,6 +36485,8 @@ CVE-2021-31607 (In SaltStack Salt 2016.9 through 3002.6, a command injection vul
 	- salt 3002.6+dfsg1-2 (bug #987496)
 	[buster] - salt 2018.3.4+dfsg1-6+deb10u3
 	NOTE: https://sec.stealthcopter.com/saltstack-snapper-minion-privledge-escaltion/
+	NOTE: Introduced by: https://gitlab.com/saltstack/open/salt/-/commit/1343078d03613e33eec9e5ec5095d2e0b0aa2e59 (v2016.9)
+	NOTE: Combined fix and regression fix: https://salsa.debian.org/salt-team/salt/-/commit/71f7f30851f9609bfda5a1b0f5b115d2743372cd
 CVE-2021-31606 (furlongm openvpn-monitor through 1.1.3 allows Authorization Bypass to  ...)
 	NOT-FOR-US: openvpn-monitor
 CVE-2021-31605 (furlongm openvpn-monitor through 1.1.3 allows %0a command injection vi ...)
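Review bot: The "Combined fix and regression fix" NOTE (second added line) links to a Debian packaging commit on salsa.debian.org/salt-team/salt, whereas the "Introduced by" NOTE above it links to the upstream repository, so the entry now records where the bug came from upstream but not where it was fixed upstream. The NOTE also does not say which regression it covers, or which of the two fixed versions already listed in this entry (the untagged 3002.6+dfsg1-2 or the [buster] 2018.3.4+dfsg1-6+deb10u3) the commit corresponds to. Consider adding the upstream fix commit as a separate "Fixed by:" NOTE if one exists, naming the regression in a few words, and stating the package version or branch the salsa commit applies to, so that someone triaging another release can tell whether this patch is the one to backport.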



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/30b6ff608e6314026e0c6754799fd4c2f8c1123d
