[Git][security-tracker-team/security-tracker][master] CVE-2021-3197, CVE-2020-28243, CVE-2021-25282, CVE-2021-25284/salt: reference...

Sylvain Beucler (@beuc) beuc at debian.org
Mon Dec 27 16:48:28 GMT 2021



Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e5e6ad54 by Sylvain Beucler at 2021-12-27T17:48:16+01:00
CVE-2021-3197,CVE-2020-28243,CVE-2021-25282,CVE-2021-25284/salt: reference regression & follow-up reports
for salt/stretch regression & follow-up commits
as requested by apo

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -54264,8 +54264,10 @@ CVE-2021-3197 (An issue was discovered in SaltStack Salt before 3002.5. The salt
 	NOTE: https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/
 	NOTE: https://github.com/saltstack/salt/commit/5273722c2180c394bc426f731450b95809ca952e (v3002.3)
 	NOTE: https://github.com/saltstack/salt/commit/039b7f3f5713170799363d96e6263c2809e4245c (v3002.3)
-	NOTE: Regression fix https://github.com/saltstack/salt/commit/51f350fcdf4b14e4f16cedabd743ca23c574a186
-	NOTE: Regression fix https://github.com/saltstack/salt/commit/61d74a7e3bc4dfd6f16a7f123e76d0824059217d
+	NOTE: Regression: https://github.com/saltstack/salt/pull/59664
+	NOTE: Regression fix: https://github.com/saltstack/salt/commit/51f350fcdf4b14e4f16cedabd743ca23c574a186
+	NOTE: Regression follow-up: https://github.com/saltstack/salt/pull/59748
+	NOTE: Regression follow-up fix: https://github.com/saltstack/salt/commit/61d74a7e3bc4dfd6f16a7f123e76d0824059217d
 CVE-2021-3196 (An issue was discovered in Hitachi ID Bravura Security Fabric 11.0.0 t ...)
 	NOT-FOR-US: Hitachi ID Bravura Security Fabric
 CVE-2021-3195 (** DISPUTED ** bitcoind in Bitcoin Core through 0.21.0 can create a ne ...)
@@ -55259,8 +55261,10 @@ CVE-2021-25284 (An issue was discovered in through SaltStack Salt before 3002.5.
 	[buster] - salt 2018.3.4+dfsg1-6+deb10u3
 	NOTE: https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/
 	NOTE: https://github.com/saltstack/salt/commit/ac2ce3a3a000e428122bc120179e083de95c1de7 (v3002.3)
-	NOTE: Regression https://github.com/saltstack/salt/commit/24d04343b36ffbd4cf63441db13b43363ea57548
-	NOTE: Regression https://github.com/saltstack/salt/commit/e6dd6a482a76e2c82fcc6eeb6df9030e453837c4
+	NOTE: Regression: https://github.com/saltstack/salt/pull/59664
+	NOTE: Regression fix: https://github.com/saltstack/salt/commit/24d04343b36ffbd4cf63441db13b43363ea57548
+	NOTE: Regression: https://github.com/saltstack/salt/issues/59793
+	NOTE: Regression fix: https://github.com/saltstack/salt/commit/e6dd6a482a76e2c82fcc6eeb6df9030e453837c4
 CVE-2021-25283 (An issue was discovered in through SaltStack Salt before 3002.5. The j ...)
 	{DLA-2815-1}
 	- salt 3002.5+dfsg1-1 (bug #983632)
@@ -55273,6 +55277,7 @@ CVE-2021-25282 (An issue was discovered in through SaltStack Salt before 3002.5.
 	[buster] - salt 2018.3.4+dfsg1-6+deb10u3
 	NOTE: https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/
 	NOTE: https://github.com/saltstack/salt/commit/aafc5ed6de60403c90201d85963299df351147ec (v3002.3)
+	NOTE: Regression: https://github.com/saltstack/salt/issues/59935
 	NOTE: Regression fix: https://github.com/saltstack/salt/commit/da381954425e1e1d5b807ff1156090847c5d16aa
 CVE-2021-25281 (An issue was discovered in through SaltStack Salt before 3002.5. salt- ...)
 	{DLA-2815-1}
@@ -78514,7 +78519,8 @@ CVE-2020-28243 (An issue was discovered in SaltStack Salt before 3002.5. The min
 	NOTE: https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/
 	NOTE: Introduced by: https://github.com/saltstack/salt/commit/e02df6fd3ceb605a58e4ac75c06077f52963187a (v2016.3)
 	NOTE: Fixed by: https://github.com/saltstack/salt/commit/61dd6d178b1dae0a1bf884bcd1149003281f8194 (v3002.3)
-	NOTE: Hardening: https://github.com/saltstack/salt/commit/777ffe612e612fb443018c1d7983d4abe4632bb2 (v3002.6)
+	NOTE: Follow-up: https://github.com/saltstack/salt/commit/777ffe612e612fb443018c1d7983d4abe4632bb2 (v3002.6)
+	NOTE: Follow-up doc: https://github.com/saltstack/salt/commit/903cfdcf6863b288fa41549bd991da6049962f54 (next commit)
 CVE-2020-28242 (An issue was discovered in Asterisk Open Source 13.x before 13.37.1, 1 ...)
 	- asterisk 1:16.15.0~dfsg-1 (bug #974713)
 	[buster] - asterisk <no-dsa> (Minor issue)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e5e6ad54360d418cb5b323275a8a8330f9663889

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e5e6ad54360d418cb5b323275a8a8330f9663889
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20211227/02720a01/attachment.htm>


More information about the debian-security-tracker-commits mailing list