[Pkg-salt-team] Bug#985085: salt: CVE-2021-25315

Elimar Riesebieter riesebie at lxtec.de
Fri Mar 12 18:41:08 GMT 2021


Source: salt
Version: 2016.11.2+ds-1+deb9u6 2018.3.4+dfsg1-6+deb10u2 3002.5+dfsg1-1
Severity: normal
Tags: patch security upstream
X-Debbugs-Cc: hostmasters at hostsharing.net, Debian Security Team <team at security.debian.org>, Debian Security Team <team at security.debian.org>

Hi,

The following vulnerability was published for salt.

CVE-2021-25315:
A Incorrect Implementation of Authentication Algorithm vulnerability

Maybe the following patch solves that issue:
https://bugzilla.suse.com/show_bug.cgi?id=1182382

It would be nice to have a backport to buster as well fixes
according to
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=983632 doe buster
and stretch as well.

Thanks in advance

-- 
  Elimar



More information about the pkg-salt-team mailing list