Author: carnil
Date: 2016-01-03 13:18:00 +0000 (Sun, 03 Jan 2016)
New Revision: 38663

Modified:
   data/CVE/list
Log:
Mark CVE-2015-8034/salt as no-dsa

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2016-01-03 12:08:31 UTC (rev 38662)
+++ data/CVE/list       2016-01-03 13:18:00 UTC (rev 38663)
@@ -4572,6 +4572,10 @@
 CVE-2015-8034 [information leak from state.sls cache data stored as 
world-readable]
        RESERVED
        - salt 2015.8.3+ds-1 (bug #807356)
+       [jessie] - salt <no-dsa> (Minor issue)
+       NOTE: For jessie: /var/cache/salt/minion is created with restricted 
permissions on
+       NOTE: first start of salt-minion in verify_env mitigating the issue, cf.
+       NOTE: 
https://sources.debian.net/src/salt/2014.1.13%2Bds-3/salt/utils/verify.py/#L207
        NOTE: 
https://github.com/cachedout/salt/commit/097838ec0c52b1e96f7f761e5fb3cd7e79808741
        NOTE: https://github.com/saltstack/salt/issues/28455
 CVE-2014-9755
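
Review bot: the added jessie NOTE lines justify <no-dsa> by saying /var/cache/salt/minion is created with restricted permissions on first start of salt-minion in verify_env, but they do not state which mode is applied or whether a directory that already exists is corrected. Consider one more NOTE line that records the mode and the pre-existing-directory case, so the "Minor issue" rating can be checked against the linked verify.py line without rereading the source.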

