Bug#888006: stretch-pu: package salt/2016.11.2+ds-1
Control: tags -1 + moreinfo
On Mon, 2018-01-22 at 16:45 +0100, Ondřej Nový wrote:
> salt (2016.11.2+ds-1+deb9u1) stretch; urgency=medium
> * Fix CVE-2017-12791: Directory traversal vulnerability on salt-
> master
> via crafted minion IDs (Closes: #872399)
> * Fix CVE-2017-14695: Directory traversal vulnerability in minion
> id
> validation in SaltStack (Closes: #879089)
> * Fix CVE-2017-14696: Remote Denial of Service with a specially
> crafted
> authentication request (Closes: #879090)
> * Check if data[return] is dict type (Closes: #887724)
> * Do not require sphinx-build for cleaning docs (Closes: #851559)
The metadata for #887724 indicates that it currently affects the salt
package in unstable; is that correct?
Regards,
Adam
Reply to: