JakeHillion/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
379144f54b
nixpkgs/pkgs/tools
History
Graham Christensen 379144f54b
salt: 2016.3.3 -> 2016.11.2 for multiple CVEs 
From the Arch Linux advisory:

- CVE-2017-5192 (arbitrary code execution): The
  `LocalClient.cmd_batch()` method client does not accept
  `external_auth` credentials and so access to it from salt-api has
  been removed for now. This vulnerability allows code execution for
  already- authenticated users and is only in effect when running
  salt-api as the `root` user.

- CVE-2017-5200 (arbitrary command execution): Salt-api allows
  arbitrary command execution on a salt-master via Salt's ssh_client.
  Users of Salt-API and salt-ssh could execute a command on the salt
  master via a hole when both systems were enabled.
2017-02-08 21:24:10 -05:00
..
admin salt: 2016.3.3 -> 2016.11.2 for multiple CVEs 2017-02-08 21:24:10 -05:00
archivers Merge pull request #21231 from abbradar/no-fmod 2016-12-18 00:29:46 +03:00
audio Merge branch 'master' into staging 2017-01-26 16:49:41 +01:00
backup tarsnap: macOS 2017-02-06 05:21:19 +03:00
bluetooth blueman: use "with" expression for variable 2016-12-04 15:14:06 +01:00
bootloaders/refind refind: refactorings 2016-09-01 14:51:32 +02:00
cd-dvd dvdisaster: fix broken make discovery 2017-01-19 17:06:51 +01:00
compression gzip: xz.bin should be native input---accidentally worked because bin (#21887) 2017-01-14 19:21:10 +01:00
filesystems glusterfs: 3.9.0 -> 3.9.1 2017-02-02 11:12:16 +01:00
graphics Merge pull request #22285 from nand0p/electricsheep 2017-02-07 10:20:20 +01:00
inputmethods ibus-engines.uniemoji: 2016-09-20 -> 0.6.0 2016-10-16 01:42:09 +03:00
misc autorevision: use sed word delimiters for better precision 2017-02-07 17:12:25 +01:00
networking networkmanager_strongswan: 1.4.0 -> 1.4.1 2017-02-07 16:12:27 +01:00
package-management Merge pull request #22374 from peterhoeg/f/ruby-tar 2017-02-04 15:27:32 +01:00
security minisign: 0.6 -> 0.7 2017-02-05 22:57:24 +01:00
system fio: 2.12 -> 2.17 2017-02-06 22:34:28 +02:00
text Merge pull request #22477 from peterhoeg/f/kdiff3 2017-02-06 11:21:31 -06:00
typesetting Remove myself from maintainers 2017-01-31 11:00:14 +01:00
video treewide: Fix more 'lib.optional' misuses 2016-10-02 00:44:10 +03:00
virtualization euca2ools: use python2 2016-11-24 22:28:02 +01:00
X11 wmutils-opt: init at v1.0 2017-01-30 20:42:16 +00:00