nixpkgs

History

Graham Christensen 379144f54b salt: 2016.3.3 -> 2016.11.2 for multiple CVEs From the Arch Linux advisory: - CVE-2017-5192 (arbitrary code execution): The `LocalClient.cmd_batch()` method client does not accept `external_auth` credentials and so access to it from salt-api has been removed for now. This vulnerability allows code execution for already- authenticated users and is only in effect when running salt-api as the `root` user. - CVE-2017-5200 (arbitrary command execution): Salt-api allows arbitrary command execution on a salt-master via Salt's ssh_client. Users of Salt-API and salt-ssh could execute a command on the salt master via a hole when both systems were enabled.	2017-02-08 21:24:10 -05:00
..
default.nix	salt: 2016.3.3 -> 2016.11.2 for multiple CVEs	2017-02-08 21:24:10 -05:00
fix-libcrypto-loading.patch	salt: fix patch after upstream code change	2016-12-23 12:29:35 +01:00

Graham Christensen 379144f54b

salt: 2016.3.3 -> 2016.11.2 for multiple CVEs

From the Arch Linux advisory:

- CVE-2017-5192 (arbitrary code execution): The
  `LocalClient.cmd_batch()` method client does not accept
  `external_auth` credentials and so access to it from salt-api has
  been removed for now. This vulnerability allows code execution for
  already- authenticated users and is only in effect when running
  salt-api as the `root` user.

- CVE-2017-5200 (arbitrary command execution): Salt-api allows
  arbitrary command execution on a salt-master via Salt's ssh_client.
  Users of Salt-API and salt-ssh could execute a command on the salt
  master via a hole when both systems were enabled.

2017-02-08 21:24:10 -05:00

default.nix

salt: 2016.3.3 -> 2016.11.2 for multiple CVEs

2017-02-08 21:24:10 -05:00

fix-libcrypto-loading.patch

salt: fix patch after upstream code change

2016-12-23 12:29:35 +01:00