Bug#726480: marked as done (salt: Multiple security issues)

Wed, 30 Oct 2013 09:03:47 -0700 

Your message dated Wed, 30 Oct 2013 16:00:07 +0000
with message-id <e1vbybj-0007hu...@franck.debian.org>
and subject line Bug#726480: fixed in salt 0.17.1+dfsg-1
has caused the Debian Bug report #726480,
regarding salt: Multiple security issues
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
726480: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=726480
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Package: salt
Severity: grave
Tags: security
Justification: user security hole

This was posted to oss-security. Since it's now more or less
public, you should contact upstream to check the patch status:

http://seclists.org/oss-sec/2013/q4/113
http://seclists.org/oss-sec/2013/q4/114

Cheers,
        Moritz

--- End Message ---
--- Begin Message --- 
Source: salt
Source-Version: 0.17.1+dfsg-1

We believe that the bug you reported is fixed in the latest version of
salt, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 726...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Joe Healy <joehe...@gmail.com> (supplier of updated salt package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 23 Oct 2013 00:19:26 +1100
Source: salt
Binary: salt-common salt-master salt-minion salt-syndic salt-ssh salt-doc
Architecture: source all
Version: 0.17.1+dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Salt Team <pkg-salt-t...@lists.alioth.debian.org>
Changed-By: Joe Healy <joehe...@gmail.com>
Description: 
 salt-common - shared libraries that salt requires for all packages
 salt-doc   - additional documentation for salt, the distributed remote executi
 salt-master - remote manager to administer servers via salt
 salt-minion - client package for salt, the distributed remote execution system
 salt-ssh   - remote manager to administer servers via salt
 salt-syndic - master-of-masters for salt, the distributed remote execution syst
Closes: 725999 726480
Changes: 
 salt (0.17.1+dfsg-1) unstable; urgency=medium
 .
   * [ebd0329] Updated gbp.conf to remove saltstack theme
   * [ba2cb77] Updated debian/watch to deal with dfsg versions
   * [091a74a] Imported Upstream version 0.17.1+dfsg
    * Various security fixes, Closes: 726480
     * Insufficent Argument Validation CVE-2013-4435
     * MITM ssh attack in salt-ssh CVE-2013-4436
     * Insecure Usage of /tmp in salt-ssh CVE-2013-4438
     * YAML Calling Unsafe Loading Routine CVE-2013-4438
     * Failure to Validate Minions Posting Data CVE-2013-4439
   * [47ce833] Removed patches for issues fixed by upstream
   * [fddc7b5] Added patches for doc theme change and minor fixes
   * [b146f77] Build man pages
   * [cd33d3a] Copyright and licence audit, Closes: 725999
Checksums-Sha1: 
 3e5c2e0f629c179d60f74fcc35902aec9279daf9 2761 salt_0.17.1+dfsg-1.dsc
 f33c3e0ad42be462dfb4724c69215737dbd69ee7 1532118 salt_0.17.1+dfsg.orig.tar.gz
 f7660961c1c7778322d35e0c10564fc5264ba802 16344 salt_0.17.1+dfsg-1.debian.tar.gz
 537b6feff9c32dde1da68c6090a4f008b3e32956 968606 
salt-common_0.17.1+dfsg-1_all.deb
 c549ebcdff24a9a122625cded641b278c56ebe21 25618 
salt-master_0.17.1+dfsg-1_all.deb
 0c3b14178c670fd58ff25df9e998cfc640916f76 17336 
salt-minion_0.17.1+dfsg-1_all.deb
 4af53368f4755c74dd067287cb9f1e840a8339d8 10696 
salt-syndic_0.17.1+dfsg-1_all.deb
 ac5c4ec257fc3f6f85abc98b8f70e3f164f9702f 10362 salt-ssh_0.17.1+dfsg-1_all.deb
 d7ecad8d155f07d00018134d665062243d560305 741528 salt-doc_0.17.1+dfsg-1_all.deb
Checksums-Sha256: 
 9f079d806b47b05a96ff9e88343c23479d50c5f7b89df71b469eec8ac448ba4f 2761 
salt_0.17.1+dfsg-1.dsc
 ad155fe8c9339374c96dd644cc1c213a6eb49363ceb30895411b64abfe13ac7e 1532118 
salt_0.17.1+dfsg.orig.tar.gz
 a82c81969b7fabe5b57b32267b7bad21e50c623b5d9de2eae4d04ed924023592 16344 
salt_0.17.1+dfsg-1.debian.tar.gz
 3082e71ae216076d753595f4a96a7ae9cfed1686e0397f10a4b5fbf2f9bb6fcc 968606 
salt-common_0.17.1+dfsg-1_all.deb
 d778d6c7ecba8c5e2ac7203493c1167c862921e94022bf958717a8624ff2f64b 25618 
salt-master_0.17.1+dfsg-1_all.deb
 6729ab37d7eef9636a612fd6ef77473131af918086bde2a7d4ac34acc155e166 17336 
salt-minion_0.17.1+dfsg-1_all.deb
 771173066bf11fc62bc623efaa28515b76b85a977c62c3adc9a8aa4c4947a7f3 10696 
salt-syndic_0.17.1+dfsg-1_all.deb
 639a9e5d05e0439063537f3a0e806e06ccec76f06d12da679b02b7371e644551 10362 
salt-ssh_0.17.1+dfsg-1_all.deb
 92c7751fef39dcc79d1d58141049a6603b7d53a00c5af8e24ddf701dafb3dd69 741528 
salt-doc_0.17.1+dfsg-1_all.deb
Files: 
 05e49d76ed9ac5832514e60e2e69313d 2761 admin extra salt_0.17.1+dfsg-1.dsc
 107ed9d149d59522670a099d58141379 1532118 admin extra 
salt_0.17.1+dfsg.orig.tar.gz
 fb798ed70eba7c95fb7a950b7e099816 16344 admin extra 
salt_0.17.1+dfsg-1.debian.tar.gz
 9bf2bafa0ceaf2f0c6b4ccc45179a54b 968606 admin extra 
salt-common_0.17.1+dfsg-1_all.deb
 68eb70b98462949ccb260da4bc343ba5 25618 admin extra 
salt-master_0.17.1+dfsg-1_all.deb
 1d5924182e4dbed7f691d5a4b2f360dc 17336 admin extra 
salt-minion_0.17.1+dfsg-1_all.deb
 27c2f5efd1716357d5adc7c1aae95f3a 10696 admin extra 
salt-syndic_0.17.1+dfsg-1_all.deb
 76f2bcfcc5267ae952cf30a8f49f8ec4 10362 admin extra 
salt-ssh_0.17.1+dfsg-1_all.deb
 e912f0660d8597ef05f77c07793f8e28 741528 doc extra 
salt-doc_0.17.1+dfsg-1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)

iQLvBAEBCgDZBQJScKj2wBEaaHR0cDovL21hcnRpbi1rcmFmZnQubmV0L2dwZy9z
aWctcG9saWN5LzU1Yzk4ODJkOTk5YmJjYzQvMjAxMTAxMjQxMTI1P3NoYTUxMnN1
bT0xY2FkOTZmZDI3ZDMyMzNmNTNlMjI4NDk1MzM2NDgxMDdlNWVlOGQ1YmU2NTUy
NTFkNzRjOGYxYzVjM2JjNDJmMjMwNGZhNTE1MTUwZjdiZDRkZDA1ZTk4MTk5MjRm
MDQ5NTEzZWU5OTYyY2E3MTcwOWY4MWQ5NDUxNTg1MmJkOAAKCRBVyYgtmZu8xLCh
EACcyj96XfVRs+HuC8c1O6NX5whLq1vF7DsGyNISK5ZyaUpy1Mqtvmt4m8vBNy0b
ICTmyck7HsoyJ5xBR8Od6NxXxNwAoU5AA8xc63z/GGWZs0/kf31vYaXzGKyPICLE
hJWs3k5jP1xcYghGSDNEYJj/uKl0NiaWeSKL82B10XVS+T6WwY5FuA7LYpCWrYEY
Qeb/sMad/WRFxlI0oQz9J7g23K5Z37YjF7qX7kIBssZvvY0zq9zpt1YZgARWmzQ3
Pchae7TITDxOT70xYrDsudZubh4vxhbVpNZcLqpQeGpJq42X1qxZpjH8Pk5sfwQg
PHdawOG5TrkH9MQHwQURFODSr7+zy/aYl43RYGl6lC2YUEO7Hv90numLFKuQPm5h
y96VSshjS3kP5FKD1RvicUmnWAdV0fKuYHUB6UMALJfTGyuxp0EOTFaXgKsMldrO
Kp387G+b8J8nYHmRSeEYit6IfufEwdVU81wAfQbG33f/4TJR7dtLFUIhZgI2q6FN
5df8PXd86Z0w3gDHAoF80hnXO12eGo9NrwyhT9CVCFyXVH2EgV52ZjZpKOfqCnJQ
xv4t/B4N/xl2gRCcW9qwnE102U3xCVC5qOoVRgE7kai616Gw5tPhQmTMwXeVF/wb
aQCP441cpQcGGdx67RglkMHmUmjbVuc8W+2UZBGKejzn3g==
=I7zV
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to