[Git][security-tracker-team/security-tracker][master] CVE-2020-11651/salt: clarify patches

Sylvain Beucler (@beuc) beuc at debian.org
Mon Dec 20 18:25:07 GMT 2021 


Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
90b0fb25 by Sylvain Beucler at 2021-12-20T19:23:43+01:00
CVE-2020-11651/salt: clarify patches

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -117745,12 +117745,10 @@ CVE-2020-11651 (An issue was discovered in SaltStack Salt before 2019.2.4 and 30
 	{DSA-4676-2 DSA-4676-1 DLA-2223-1}
 	- salt 3000.2+dfsg1-1 (bug #959684)
 	NOTE: https://github.com/saltstack/salt/blob/v3000.2_docs/doc/topics/releases/3000.2.rst
-	NOTE: Fixed by: https://github.com/saltstack/salt/commit/a67d76b15615983d467ed81371b38b4a17e4f3b7
-	NOTE: Followup needed: https://github.com/saltstack/salt/commit/78172bf647473d5c1c2720e72fc12d6f2314d583
-	NOTE: There is a typo in the whitelisted methods on AESFuncs:
-	NOTE: https://github.com/saltstack/salt/blob/v3000.2_docs/doc/topics/releases/3000.2.rst#known-issue
-	NOTE: Regression bugreport: https://github.com/saltstack/salt/issues/57016
-	NOTE: https://github.com/saltstack/salt/issues/57027
+	NOTE: Fixed by: https://github.com/saltstack/salt/commit/a67d76b15615983d467ed81371b38b4a17e4f3b7 (v3000.2)
+	NOTE: Regression: https://github.com/saltstack/salt/blob/v3000.2_docs/doc/topics/releases/3000.2.rst#known-issue
+	NOTE: Regression fix: https://github.com/saltstack/salt/commit/cea28c850f7562fd3b869a1bbcc95050ab19e0f1 (v3000.3)
+	NOTE: See also https://gitlab.com/saltstack/open/salt-patches/-/raw/master/patches/2020/04/14/
 CVE-2020-11650 (An issue was discovered in iXsystems FreeNAS (and TrueNAS) 11.2 before ...)
 	NOT-FOR-US: FreeNAS
 CVE-2020-11649 (An issue was discovered in GitLab CE and EE 8.15 through 12.9.2. Membe ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/90b0fb2594055d14db7a155643de87d36108ea08

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/90b0fb2594055d14db7a155643de87d36108ea08
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20211220/e7f7e65d/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list