[Pkg-salt-team] Bug#783300: salt: CVE-2015-1838: insecure /tmp file handling in salt/modules/serverdensity_device.py
Salvatore Bonaccorso
carnil at debian.org
Sat Apr 25 15:21:11 UTC 2015
Control: retitle -1 salt: CVE-2015-1838 CVE-2015-1839
On Sat, Apr 25, 2015 at 05:11:23PM +0200, Salvatore Bonaccorso wrote:
> Source: salt
> Version: 2014.7.0+ds-2
> Severity: normal
> Tags: security upstream patch fixed-upstream
>
> Hi
>
> There is an insecure use of /tmp file handling in
> salt/modules/serverdensity_device.py which afaics is only in 2014.7.0
> (so affecting experimental only) and is fixed in 2014.7.4.
>
> See: https://bugzilla.redhat.com/show_bug.cgi?id=1212784
And actually there is as well CVE-2015-1839, which affects the same
set of versions, so using the same bug report (retitled accordingly).
More information at
https://bugzilla.redhat.com/show_bug.cgi?id=1212788
Regards,
Salvatore
More information about the pkg-salt-team
mailing list