Bug#959684: salt: CVE-2020-11651 and CVE-2020-11652

2020-05-05 Thread Elimar Riesebieter
There are official patches from saltstack available here: 2018.3.x 2017.7.x 2016.x.x I requested them via

Bug#949222: Bug#959684: salt: CVE-2020-11651 and CVE-2020-11652

2020-05-05 Thread Simon McVittie
On Tue, 05 May 2020 at 17:37:53 +0200, Salvatore Bonaccorso wrote:
> Do you have respective stretch and buster setups which you could
> expose those packages to?
Sorry, no: the owner of the machines I was looking at asked me to switch over to upstream's packages.
smcv

Bug#959684: Bug#949222: Bug#959684: salt: CVE-2020-11651 and CVE-2020-11652

2020-05-05 Thread Salvatore Bonaccorso
Hi Simon,
On Tue, May 05, 2020 at 03:01:45PM +0100, Simon McVittie wrote:
> On Mon, 04 May 2020 at 01:34:33 +0200, Guilhem Moulin wrote:
> > CVE-2020-11651
> > CVE-2020-11652
>
> I found myself needing to mitigate this for a salt deployment, so I
> tried backporting the upstream patches to

Bug#949222: Bug#959684: salt: CVE-2020-11651 and CVE-2020-11652

2020-05-05 Thread Simon McVittie
On Mon, 04 May 2020 at 01:34:33 +0200, Guilhem Moulin wrote:
> CVE-2020-11651
> CVE-2020-11652
I found myself needing to mitigate this for a salt deployment, so I tried backporting the upstream patches to buster. The attached are not at all thoroughly-tested and should be reviewed carefully

Bug#959684: salt: CVE-2020-11651 and CVE-2020-11652

2020-05-03 Thread Guilhem Moulin
Source: salt
Version: 2018.3.4+dfsg1-6
Severity: grave
Tags: security upstream
Justification: user security hole
Control: found -1 2018.3.4+dfsg1-6
Control: found -1 2016.11.2+ds-1+deb9u2
Control: found -1 2014.1.13+ds-3
Control: notfound -1 3000.2+dfsg1-1
Dear Maintainer,
These CVEs were