Commit Graph

9 Commits

Author SHA1 Message Date
Graham Christensen
379144f54b
salt: 2016.3.3 -> 2016.11.2 for multiple CVEs
From the Arch Linux advisory:

- CVE-2017-5192 (arbitrary code execution): The
  `LocalClient.cmd_batch()` method client does not accept
  `external_auth` credentials and so access to it from salt-api has
  been removed for now. This vulnerability allows code execution for
  already- authenticated users and is only in effect when running
  salt-api as the `root` user.

- CVE-2017-5200 (arbitrary command execution): Salt-api allows
  arbitrary command execution on a salt-master via Salt's ssh_client.
  Users of Salt-API and salt-ssh could execute a command on the salt
  master via a hole when both systems were enabled.
2017-02-08 21:24:10 -05:00
Robin Gloster
c8982c015c
salt: fix patch after upstream code change
fixes #20458
2016-12-23 12:29:35 +01:00
Aneesh Agrawal
1d9a98cae0 salt: use Python 2 2016-10-18 23:14:36 +02:00
Aneesh Agrawal
7b7d8ddbca salttesting: remove unused package
It was added as a dependency of Salt, which no longer depends on it.
2016-09-27 13:34:22 -04:00
Aneesh Agrawal
34b5d639c6 SaltTesting: 2015.7.10 -> 2016.9.7 2016-09-23 20:33:36 -04:00
Aneesh Agrawal
f61b23cd23 salt: 2015.8.8 -> 2016.3.3 2016-09-23 20:31:20 -04:00
Tuomas Tynkkynen
b61fbf3132 treewide: Fix output references to openssl 2016-08-23 04:53:27 +03:00
Frederik Rietdijk
d5e6a4494a Python: use PyPI mirror (#15001)
* mirrors: add pypi

* Python: Use pypi mirror for all PyPI packages
2016-04-26 13:38:03 +01:00
Aneesh Agrawal
270c0eb097 salt: init at 2015.8.8
Also init salttesting at 2015.7.10 as a build dependency.
2016-04-02 19:37:38 -04:00