CVSROOT: /cvs
Module name: ports
Changes by: [email protected] 2020/05/01 02:01:08
Modified files:
sysutils/salt : Makefile
Added files:
sysutils/salt/patches: patch-salt_master_py
patch-salt_tokens_localfs_py
patch-salt_utils_verify_py
patch-salt_wheel_config_py
patch-salt_wheel_file_roots_py
Log message:
backport patches for two security issues:
commit f47e4856497231eb672da2ce0df3e641581d47e6
Author: Daniel A. Wozniak <[email protected]>
Date: Mon Apr 13 06:41:04 2020 +0000
Fix CVE-2020-11651
Resolve issue which allows access to un-intended methods in the
ClearFuncs class of the salt-master process
commit 7bd0ab195fbec4f34523dad11149f741c154e2b7
Author: Daniel A. Wozniak <[email protected]>
Date: Mon Apr 13 06:44:58 2020 +0000
Fix CVE-2020-11652
Sanitize paths in ClearFuncs methods provided by salt-master. This
ensures we do not allow access to un-intended files and directories.
ok sthen@, jasper@
