Your message dated Tue, 30 Jun 2015 15:36:01 +0000
with message-id <[email protected]>
and subject line Bug#783300: fixed in salt 2015.5.2+ds-1
has caused the Debian Bug report #783300,
regarding salt: CVE-2015-1838 CVE-2015-1839
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
783300: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=783300
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: salt
Version: 2014.7.0+ds-2
Severity: normal
Tags: security upstream patch fixed-upstream
Hi
There is an insecure use of /tmp file handling in
salt/modules/serverdensity_device.py which afaics is only in 2014.7.0
(so affecting experimental only) and is fixed in 2014.7.4.
See: https://bugzilla.redhat.com/show_bug.cgi?id=1212784
Please include the CVE id in changelog if you fix this issue.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: salt
Source-Version: 2015.5.2+ds-1
We believe that the bug you reported is fixed in the latest version of
salt, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Joe Healy <[email protected]> (supplier of updated salt package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Wed, 01 Jul 2015 00:13:37 +1000
Source: salt
Binary: salt-common salt-master salt-minion salt-syndic salt-ssh salt-doc
salt-cloud salt-api
Architecture: source all
Version: 2015.5.2+ds-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Salt Team <[email protected]>
Changed-By: Joe Healy <[email protected]>
Description:
salt-api - Generic, modular network access system
salt-cloud - public cloud VM management system
salt-common - shared libraries that salt requires for all packages
salt-doc - additional documentation for salt, the distributed remote executi
salt-master - remote manager to administer servers via salt
salt-minion - client package for salt, the distributed remote execution system
salt-ssh - remote manager to administer servers via salt
salt-syndic - master-of-masters for salt, the distributed remote execution syst
Closes: 777664 783300
Changes:
salt (2015.5.2+ds-1) unstable; urgency=medium
.
* [e6d32ad] Updated repack script to remove new sphinx theme
* [48bdace] Imported Upstream version 2015.5.2+ds
* [9e98c1c] Updated patches for 2015.5.2 and set doc theme to saltstack
.
salt (2015.5.0+ds-1) unstable; urgency=medium
.
* [52d8863] Imported Upstream version 2015.5.0+ds. Closes: 783300
* [bd5ad46] Updated patches for 2015.5. Closes: 777664
.
salt (2014.7.5+ds-1) unstable; urgency=medium
.
* [f41091a] Imported Upstream version 2014.7.5+ds
.
salt (2014.7.4+ds-1) UNRELEASED; urgency=medium
.
[ Benjamin Drung ]
* [c1f16f3] debian/changelog: Use capital UNRELEASED
* [48334b4] Point Vcs-Browser to cgit instead of gitweb.
* [b9e3de4] Remove unused ${shlibs:Depends} dependencies
.
[ Joe Healy ]
* [510c0d1] Imported Upstream version 2014.7.4+ds
* [8489807] Updated doc patches
.
salt (2014.7.2+ds-1) experimental; urgency=medium
.
* [dc3a14e] Added python-debian as dependency for package version tracking
* [9de90f3] Updated changelog to relabel versions that were not uploaded
* [984a676] Updated watch file to use pypi redirector
* [4e082fd] Imported Upstream version 2014.7.2+ds
* [7930d76] Added dh_python as a build dep
* [1e2ddb6] Refreshed patches for 2014.7.2
* [ca0f3e9] "Fixed" timestamps in generated files for reproducible builds.
* [9ef435b] Make log file readable by adm user. Closes: 777664
* [1feadd6] Refreshed lintian overrides and added comments as to their need
.
salt (2014.7.1+ds-3) UNRELEASED; urgency=medium
.
* [70d659a] Fixed salt-api upstart script
.
salt (2014.7.1+ds-2) UNRELEASED; urgency=medium
.
* [87971d4] Added dependency on python-dateutil
* [cb9b2e2] Added init.d, systemd and upstart files for salt-api
.
salt (2014.7.1+ds-1) UNRELEASED; urgency=medium
.
* [77a2f91] Imported Upstream version 2014.7.1+ds
* [7525339] Refreshed patches for 2014.7.1
* [314362b] Added salt-api packaging
.
salt (2014.7.0+ds-2) experimental; urgency=medium
.
* [9954f59] Added python-requests as a dependency
.
salt (2014.7.0+ds-1) experimental; urgency=medium
.
* [8e2c682] Imported Upstream version 2014.7.0+ds
* [2ad9738] Updated patches for 2014.7 release
* [0ac1a0c] Updated dependencies for initial 2014.7 release
Checksums-Sha1:
01b0f0900f6ccb6aa59718abea384db615482681 2500 salt_2015.5.2+ds-1.dsc
2cda9e2570a252adb70f3911184b7c4b09a19d04 4632482 salt_2015.5.2+ds.orig.tar.gz
21db696574ff6af206d2634fc3b74529adbb5697 26388 salt_2015.5.2+ds-1.debian.tar.xz
e0cd7d865911a9e0e594beb40f46e854efd1ce76 19406 salt-api_2015.5.2+ds-1_all.deb
4af4fa31184ca07645a47cf7b072365f0b6e6f66 20444 salt-cloud_2015.5.2+ds-1_all.deb
22c58b60085110dda27016bef771d08750cc0bbb 2324614
salt-common_2015.5.2+ds-1_all.deb
38d03ce4ccf129b31161cfcfe7bcefacff4bafa4 2609126 salt-doc_2015.5.2+ds-1_all.deb
4ea15f1a82074f1c6344fcdd75ece7f94d282f5c 38804
salt-master_2015.5.2+ds-1_all.deb
234ad8db10f701381eaddbf4300c6841882b10ed 28072
salt-minion_2015.5.2+ds-1_all.deb
cd40d32f6d34fcac254f949a7099d8bf33367e74 19662 salt-ssh_2015.5.2+ds-1_all.deb
cf7e274bbc50b7231fa35ebe6dcbcac7b3c523f1 19732
salt-syndic_2015.5.2+ds-1_all.deb
Checksums-Sha256:
a77ce0f9af8cb682812c1c6bc73947e1817c6fef591a223166ac3ee550d8deff 2500
salt_2015.5.2+ds-1.dsc
4b74157e793a7a56446dd0b009ff0cff3bd92f18a9175fc3ada5fbc6d42f701a 4632482
salt_2015.5.2+ds.orig.tar.gz
b7b616c3d2c943db38c6b7242c5aa5a15d186d91ac1e73964affc5b350dfe832 26388
salt_2015.5.2+ds-1.debian.tar.xz
3612949c49294ccbf0e9d7c48c8470fe494fea34b6e9e970af20df6490e11af4 19406
salt-api_2015.5.2+ds-1_all.deb
884af5e9ea0b3fec7f02883642a4c1f5a6552f44444609227ea6f0687629974d 20444
salt-cloud_2015.5.2+ds-1_all.deb
5a48042249a88da79c48e4a14b7ec5ffa1854e33d6c8b5e09d90214396ae423c 2324614
salt-common_2015.5.2+ds-1_all.deb
859e1453c716224a427c32816ba5beeb9e7e86dde1811e3affc25f5a952d3be3 2609126
salt-doc_2015.5.2+ds-1_all.deb
3e30a47bf72d6a81e78ec48ffcdddadc1552987c15ef28951ace6f8f5ac0bc71 38804
salt-master_2015.5.2+ds-1_all.deb
4a2e9147754343b237025ebd6bba2d80c6f17ccbc6156400b92a3c7e1885ddc3 28072
salt-minion_2015.5.2+ds-1_all.deb
6c011d359ff6d0dece37a04a392f6f1a05f0c1c75952eeffda2aceb658ccb463 19662
salt-ssh_2015.5.2+ds-1_all.deb
f120395c1b28a585886456ba8fd047fcb4dabd117a3e14fc30a7c1f655cb11a4 19732
salt-syndic_2015.5.2+ds-1_all.deb
Files:
ed6231b784bdcfa5507b83162ba897b4 2500 admin extra salt_2015.5.2+ds-1.dsc
27767f5e95ceaac635d54fd005127b40 4632482 admin extra
salt_2015.5.2+ds.orig.tar.gz
03806cef4d1f69dffdabd6141620acdd 26388 admin extra
salt_2015.5.2+ds-1.debian.tar.xz
1b4e313942e91eead0a127a1a67133db 19406 admin extra
salt-api_2015.5.2+ds-1_all.deb
0392866abb8e5d16dee320aaf1456f0b 20444 admin extra
salt-cloud_2015.5.2+ds-1_all.deb
97e9626830ef92a9c46592624650a8af 2324614 admin extra
salt-common_2015.5.2+ds-1_all.deb
ff824875fb7c4bafc2e08cab50d4b753 2609126 doc extra
salt-doc_2015.5.2+ds-1_all.deb
d4d3128cd770b90d4aeb1f75bd0cc066 38804 admin extra
salt-master_2015.5.2+ds-1_all.deb
25a8279874033e43e73eb65a63cb2ab7 28072 admin extra
salt-minion_2015.5.2+ds-1_all.deb
c048e8467858f03a199d9443aea0e8ca 19662 admin extra
salt-ssh_2015.5.2+ds-1_all.deb
6d06b14307033aa5cfa9c49fa8436bf8 19732 admin extra
salt-syndic_2015.5.2+ds-1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQIcBAEBCAAGBQJVkq2LAAoJELCeQLDyrmq5G4UP/1ZloqTOiZv5bQwJ3c8o1VtK
BH3QG7fiMGWQlEnBiLlaN5KJxU2J6UgdNCfdiN1hvLe6CoweD/KoCPWGfwkMkvrC
+HeqVMe7Q4WnyIdq5T02jlTjOM+yuHTvQkU8ZYNSPizGJ3CCiF+Z1RxQnGbpXch8
sNhjUikUH6dQzVwhF9fe1TpddY7rfmFt9Z4bXh/IF//eIC+ckVmDeeKnK4TCURWM
mZhMiFZeRDTzAzLXtyBDA9wO0/jdfLY9J6Gop9eCTmNLHRZnqqBX/zdin1v2Tfu2
b5uwf5huCeDbZxTmZKCiJsKX0ZhZp9fLn2zxevpAZx1jPAH/2Kvgv+fYtKjg7q41
7DuIQ7vByxA9aDJ63MimBPhXlhf2ioi/hABJBjabCdFOIsycZmDdZa6q8/1nzpim
Rs3frXiv5OAhkfpI+xOOw1lVG09+PrSIy2l5x+J8TIYTkUR2irh1waK3djzpZsy+
rnLuYBrFmwe7cYo7kWh9v7LSxB4Lic6tBoRafrXfuy3KjSpcXOqueabj5DRPYe8L
6Ct1jOJPO/Zv+5LgtyxOymGBNONeCPmNYNs7J6CNXtFlAt6tEWOT5Lvfp509REbE
8eici6S3aBCTd+WeW9dFjUHeoPhzcy2STpLlgvmjL8LaEcHxqkc8aGqRQG7qNI/4
QMTYpWFbLiS17i8YNL3k
=3ike
-----END PGP SIGNATURE-----
--- End Message ---
