Sylvain Beucler pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
e5e6ad54 by Sylvain Beucler at 2021-12-27T17:48:16+01:00
CVE-2021-3197,CVE-2020-28243,CVE-2021-25282,CVE-2021-25284/salt: reference
regression & follow-up reports
for salt/stretch regression & follow-up commits
as requested by apo
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -54264,8 +54264,10 @@ CVE-2021-3197 (An issue was discovered in SaltStack
Salt before 3002.5. The salt
NOTE:
https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/
NOTE:
https://github.com/saltstack/salt/commit/5273722c2180c394bc426f731450b95809ca952e
(v3002.3)
NOTE:
https://github.com/saltstack/salt/commit/039b7f3f5713170799363d96e6263c2809e4245c
(v3002.3)
- NOTE: Regression fix
https://github.com/saltstack/salt/commit/51f350fcdf4b14e4f16cedabd743ca23c574a186
- NOTE: Regression fix
https://github.com/saltstack/salt/commit/61d74a7e3bc4dfd6f16a7f123e76d0824059217d
+ NOTE: Regression: https://github.com/saltstack/salt/pull/59664
+ NOTE: Regression fix:
https://github.com/saltstack/salt/commit/51f350fcdf4b14e4f16cedabd743ca23c574a186
+ NOTE: Regression follow-up: https://github.com/saltstack/salt/pull/59748
+ NOTE: Regression follow-up fix:
https://github.com/saltstack/salt/commit/61d74a7e3bc4dfd6f16a7f123e76d0824059217d
CVE-2021-3196 (An issue was discovered in Hitachi ID Bravura Security Fabric
11.0.0 t ...)
NOT-FOR-US: Hitachi ID Bravura Security Fabric
CVE-2021-3195 (** DISPUTED ** bitcoind in Bitcoin Core through 0.21.0 can
create a ne ...)
@@ -55259,8 +55261,10 @@ CVE-2021-25284 (An issue was discovered in through
SaltStack Salt before 3002.5.
[buster] - salt 2018.3.4+dfsg1-6+deb10u3
NOTE:
https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/
NOTE:
https://github.com/saltstack/salt/commit/ac2ce3a3a000e428122bc120179e083de95c1de7
(v3002.3)
- NOTE: Regression
https://github.com/saltstack/salt/commit/24d04343b36ffbd4cf63441db13b43363ea57548
- NOTE: Regression
https://github.com/saltstack/salt/commit/e6dd6a482a76e2c82fcc6eeb6df9030e453837c4
+ NOTE: Regression: https://github.com/saltstack/salt/pull/59664
+ NOTE: Regression fix:
https://github.com/saltstack/salt/commit/24d04343b36ffbd4cf63441db13b43363ea57548
+ NOTE: Regression: https://github.com/saltstack/salt/issues/59793
+ NOTE: Regression fix:
https://github.com/saltstack/salt/commit/e6dd6a482a76e2c82fcc6eeb6df9030e453837c4
CVE-2021-25283 (An issue was discovered in through SaltStack Salt before
3002.5. The j ...)
{DLA-2815-1}
- salt 3002.5+dfsg1-1 (bug #983632)
@@ -55273,6 +55277,7 @@ CVE-2021-25282 (An issue was discovered in through
SaltStack Salt before 3002.5.
[buster] - salt 2018.3.4+dfsg1-6+deb10u3
NOTE:
https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/
NOTE:
https://github.com/saltstack/salt/commit/aafc5ed6de60403c90201d85963299df351147ec
(v3002.3)
+ NOTE: Regression: https://github.com/saltstack/salt/issues/59935
NOTE: Regression fix:
https://github.com/saltstack/salt/commit/da381954425e1e1d5b807ff1156090847c5d16aa
CVE-2021-25281 (An issue was discovered in through SaltStack Salt before
3002.5. salt- ...)
{DLA-2815-1}
@@ -78514,7 +78519,8 @@ CVE-2020-28243 (An issue was discovered in SaltStack
Salt before 3002.5. The min
NOTE:
https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/
NOTE: Introduced by:
https://github.com/saltstack/salt/commit/e02df6fd3ceb605a58e4ac75c06077f52963187a
(v2016.3)
NOTE: Fixed by:
https://github.com/saltstack/salt/commit/61dd6d178b1dae0a1bf884bcd1149003281f8194
(v3002.3)
- NOTE: Hardening:
https://github.com/saltstack/salt/commit/777ffe612e612fb443018c1d7983d4abe4632bb2
(v3002.6)
+ NOTE: Follow-up:
https://github.com/saltstack/salt/commit/777ffe612e612fb443018c1d7983d4abe4632bb2
(v3002.6)
+ NOTE: Follow-up doc:
https://github.com/saltstack/salt/commit/903cfdcf6863b288fa41549bd991da6049962f54
(next commit)
CVE-2020-28242 (An issue was discovered in Asterisk Open Source 13.x before
13.37.1, 1 ...)
- asterisk 1:16.15.0~dfsg-1 (bug #974713)
[buster] - asterisk <no-dsa> (Minor issue)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e5e6ad54360d418cb5b323275a8a8330f9663889
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e5e6ad54360d418cb5b323275a8a8330f9663889
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
