[Pkg-salt-team] Bug#783300: salt: CVE-2015-1838: insecure /tmp file handling in salt/modules/serverdensity_device.py

Salvatore Bonaccorso carnil at debian.org
Sat Apr 25 15:21:11 UTC 2015

Control: retitle -1 salt: CVE-2015-1838 CVE-2015-1839

On Sat, Apr 25, 2015 at 05:11:23PM +0200, Salvatore Bonaccorso wrote:
> Source: salt
> Version: 2014.7.0+ds-2
> Severity: normal
> Tags: security upstream patch fixed-upstream
> Hi
> There is an insecure use of /tmp file handling in
> salt/modules/serverdensity_device.py which afaics is only in 2014.7.0
> (so affecting experimental only) and is fixed in 2014.7.4.
> See: https://bugzilla.redhat.com/show_bug.cgi?id=1212784

And actually there is as well CVE-2015-1839, which affects the same
set of versions, so using the same bug report (retitled accordingly).

More information at


More information about the pkg-salt-team mailing list