Bug#985085: marked as done (salt: CVE-2021-25315)

Wed, 14 Apr 2021 16:39:19 -0700 

Your message dated Wed, 14 Apr 2021 19:30:54 -0400
with message-id <20210414233054.3iixe6ladxahv...@casagrau.org>
and subject line Re: [Pkg-salt-team] Bug#985085: plan to lower Severity
has caused the Debian Bug report #985085,
regarding salt: CVE-2021-25315
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
985085: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985085
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Source: salt
Version: 2016.11.2+ds-1+deb9u6 2018.3.4+dfsg1-6+deb10u2 3002.5+dfsg1-1
Severity: normal
Tags: patch security upstream
X-Debbugs-Cc: hostmast...@hostsharing.net, Debian Security Team 
<t...@security.debian.org>, Debian Security Team <t...@security.debian.org>

Hi,

The following vulnerability was published for salt.

CVE-2021-25315:
A Incorrect Implementation of Authentication Algorithm vulnerability

Maybe the following patch solves that issue:
https://bugzilla.suse.com/show_bug.cgi?id=1182382

It would be nice to have a backport to buster as well fixes
according to
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=983632 doe buster
and stretch as well.

Thanks in advance

-- 
  Elimar

--- End Message ---
--- Begin Message --- 
On Tue, Apr 13, 2021 at 05:33:17PM +0200, Moritz Mühlenhoff wrote:
> Am Tue, Apr 13, 2021 at 10:27:04AM -0400 schrieb Federico Grau:
> > Hello Debian Security Team,
> > 
> > I wanted to make sure you were aware of my findings and intents with 
> > #985085.
> > Planning to lower that bug's Severity this week.
> > 
> >     https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985085#28
> 
> If it has been confirmed that this is SuSE-specific, then simply close it
> rather than downgrading the severity, no need to keep it lingering around :-)
> 

Thank you for the feedback.  Closing out #985085 as it is a SuSE-specific CVE,
and does not apply to any Debian version of Salt.

donfede

Attachment: signature.asc
Description: PGP signature


--- End Message ---

Reply via email to