Information on source package salt

Available versions

ReleaseVersion
jessie2014.1.13+ds-3
stretch2016.11.2+ds-1
buster2016.11.5+ds-1
sid2016.11.5+ds-1

Open issues

BugjessiestretchbustersidDescription
CVE-2017-8109fixedvulnerable (no DSA)fixedfixedThe salt-ssh minion code in SaltStack Salt 2016.11 before 2016.11.4 ...
CVE-2017-12791vulnerable (no DSA)vulnerable (no DSA)vulnerablevulnerableDirectory traversal vulnerability in minion id validation in SaltStack ...
CVE-2016-9639vulnerable (no DSA)fixedfixedfixedSalt before 2015.8.11 allows deleted minions to read or write to ...
CVE-2016-3176vulnerable (no DSA)fixedfixedfixedSalt before 2015.5.10 and 2015.8.x before 2015.8.8, when PAM external ...
CVE-2015-8034vulnerable (no DSA)fixedfixedfixedThe state.sls function in Salt before 2015.8.3 uses weak permissions ...
CVE-2015-6941vulnerable (no DSA)fixedfixedfixedwin_useradd, salt-cloud and the Linode driver in salt 2015.5.x before ...
CVE-2015-6918vulnerable (no DSA)fixedfixedfixedgit module leaks authentication details into log

Resolved issues

BugDescription
CVE-2017-5200salt-api command execution
CVE-2017-5192local_batch client external authentication not respected
CVE-2016-1866Salt 2015.8.x before 2015.8.4 does not properly handle clear messages ...
CVE-2015-4017Salt before 2014.7.6 does not verify certificates when connecting via ...
CVE-2015-1839modules/chef.py in SaltStack before 2014.7.4 does not properly handle ...
CVE-2015-1838modules/serverdensity_device.py in SaltStack before 2014.7.4 does not ...
CVE-2014-3563Multiple unspecified vulnerabilities in Salt (aka SaltStack) before ...
CVE-2013-6617The salt master in Salt (aka SaltStack) 0.11.0 through 0.17.0 does not ...
CVE-2013-4439Salt (aka SaltStack) before 0.15.0 through 0.17.0 allows remote ...
CVE-2013-4438Salt (aka SaltStack) before 0.17.1 allows remote attackers to execute ...
CVE-2013-4437Unspecified vulnerability in salt-ssh in Salt (aka SaltStack) 0.17.0 ...
CVE-2013-4436The default configuration for salt-ssh in Salt (aka SaltStack) 0.17.0 ...
CVE-2013-4435Salt (aka SaltStack) 0.15.0 through 0.17.0 allows remote authenticated ...
CVE-2013-2228RSA exponent of 1

Search for package or bug name: Reporting problems