[Pkg-salt-team] Bug#959684: salt: CVE-2020-11651 and CVE-2020-11652
Elimar Riesebieter
riesebie at lxtec.de
Tue May 5 17:02:54 BST 2020
There are official patches from saltstack available here:
2018.3.x <http://em.saltstack.com/TZfP20M01000sHF1097UhQ0>
2017.7.x <http://em.saltstack.com/dh09M1cf4U0Qs00H7y010P0>
2016.x.x <http://em.saltstack.com/WP01zfH790d1QhM00U0s400>
I requested them via
https://www.saltstack.com/lp/request-patch-april-2020/
Please notice that there are more CVE' not fixed yet:
CVE-2019-17361 => 2016.11.2+ds-1+deb9u2 and 2018.3.4+dfsg1-6
CVE-2019-1010259 => 2016.11.2+ds-1+deb9u2
CVE-2018-15751 => 2016.11.2+ds-1+deb9u2
See https://security-tracker.debian.org/tracker/source-package/salt.
I asked saltstack for patches of those as well.
HTH
Elimar
--
Learned men are the cisterns of knowledge,
not the fountainheads ;-)
More information about the pkg-salt-team
mailing list