Date: Sat, 27 Oct 2018 08:08:21 +0000 From: bugzilla-noreply@freebsd.org To: ports-bugs@FreeBSD.org Subject: [Bug 232663] sysutils/py-salt: update to 2018.3.3 (CVE-2018-15751, CVE-2018-15750) Message-ID: <bug-232663-7788-hfnOg0URuF@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-232663-7788@https.bugs.freebsd.org/bugzilla/> References: <bug-232663-7788@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D232663 --- Comment #2 from commit-hook@freebsd.org --- A commit references this bug: Author: woodsb02 Date: Sat Oct 27 08:07:37 UTC 2018 New revision: 483114 URL: https://svnweb.freebsd.org/changeset/ports/483114 Log: sysutils/py-salt: Update to 2018.3.3 This is a security release, addressing the following CVE's: - CVE-2018-15751 - Remote command execution and incorrect access control when using salt-api. - CVE-2018-15750 - Directory traversal vulnerability using salt-api. Allows an attacker to determine what files exist on a server when querying /run or /events. Other changes this release: https://docs.saltstack.com/en/latest/topics/releases/2018.3.3.html PR: 232663 Submitted by: Christer Edwards <christer.edwards@gmail.com> Approved by: Christer Edwards (maintainer) MFH: 2018Q4 Security:=20=20=20=20 https://www.vuxml.org/freebsd/4f7c6af3-6a2c-4ead-8453-04e509688d45.html Changes: head/sysutils/py-salt/Makefile head/sysutils/py-salt/distinfo --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-232663-7788-hfnOg0URuF>