[Pkg-salt-team] Bug#959684: [External] Bug#959684: salt: CVE-2020-11652: [CVEHelp at saltstack.com] Action Required: SaltStack CVE Follow-Up Patch
Graham Clinch
g.clinch at lancaster.ac.uk
Thu May 7 11:25:00 BST 2020
Hi,

> I would like to get some testing feedback on the stretch packages, if
> you have such instance
> https://people.debian.org/~carnil/tmp/salt/stretch/ contains testing
> packages.

These packages look good to me.

I updated two stretch instances from 2016.11.2+ds-1+deb9u3 to
2016.11.2+ds-1+deb9u4, for the following packages:
salt-api, salt-common, salt-master, salt-minion.

There were no errors during the update, and minions at various releases
(including 9u2, 9u3 and 9u4) connect to the salt master as expected.

Additionally, a test tool reports the deb9u4 master as not vulnerable (it
reported the deb9u3 master as vulnerable to 'read_token').

Graham