Debian Package Tracker
Register | Log in
Subscribe

salt

Choose email to subscribe with

general
  • source: salt (main)
  • version: 3004.1+dfsg-2
  • maintainer: Debian Salt Team (archive) (DMD)
  • uploaders: Benjamin Drung [DMD] – Andriy Senkovych [DMD] – Joe Healy [DMD] – Franklin G Mendoza [DMD] – Ondřej Nový [DMD]
  • arch: all
  • std-ver: 4.6.0
  • VCS: Git (Browse, QA)
versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]
[pool directory]
  • o-o-stable: 2016.11.2+ds-1+deb9u4
  • o-o-sec: 2016.11.2+ds-1+deb9u10
  • oldstable: 2018.3.4+dfsg1-6+deb10u2
  • old-sec: 2018.3.4+dfsg1-6+deb10u3
  • stable: 3002.6+dfsg1-4+deb11u1
  • stable-sec: 3002.6+dfsg1-4+deb11u1
  • unstable: 3004.1+dfsg-2
versioned links
  • 2016.11.2+ds-1+deb9u4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 2016.11.2+ds-1+deb9u10: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 2018.3.4+dfsg1-6+deb10u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 2018.3.4+dfsg1-6+deb10u3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 3002.6+dfsg1-4+deb11u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 3004.1+dfsg-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
binaries
  • salt-api (2 bugs: 0, 2, 0, 0)
  • salt-cloud (1 bugs: 0, 1, 0, 0)
  • salt-common (1 bugs: 0, 1, 0, 0)
  • salt-doc
  • salt-master (2 bugs: 0, 2, 0, 0)
  • salt-minion (1 bugs: 0, 0, 1, 0)
  • salt-proxy
  • salt-ssh (3 bugs: 0, 3, 0, 0)
  • salt-syndic
action needed
A new upstream version is available: 3005~rc2 high
A new upstream version 3005~rc2 is available, you should consider packaging it.
Created: 2022-06-23 Last update: 2022-08-16 03:34
1 security issue in sid high

There is 1 open security issue in sid.

1 important issue:
  • CVE-2022-22967: An issue was discovered in SaltStack Salt in versions before 3002.9, 3003.5, 3004.2. PAM auth fails to reject locked accounts, which allows a previously authorized user whose account is locked still run Salt commands when their account is locked. This affects both local shell accounts with an active session and salt-api users that authenticate via PAM eauth.
Created: 2022-07-04 Last update: 2022-08-01 13:40
5 security issues in buster high

There are 5 open security issues in buster.

5 important issues:
  • CVE-2022-22934: An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Salt Masters do not sign pillar data with the minion’s public key, which can result in attackers substituting arbitrary pillar data.
  • CVE-2022-22935: An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. A minion authentication denial of service can cause a MiTM attacker to force a minion process to stop by impersonating a master.
  • CVE-2022-22936: An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Job publishes and file server replies are susceptible to replay attacks, which can result in an attacker replaying job publishes causing minions to run old jobs. File server replies can also be re-played. A sufficient craft attacker could gain root access on minion under certain scenarios.
  • CVE-2022-22941: An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. When configured as a Master-of-Masters, with a publisher_acl, if a user configured in the publisher_acl targets any minion connected to the Syndic, the Salt Master incorrectly interpreted no valid targets as valid, allowing configured users to target any of the minions connected to the syndic with their configured commands. This requires a syndic master combined with publisher_acl configured on the Master-of-Masters, allowing users specified in the publisher_acl to bypass permissions, publishing authorized commands to any configured minion.
  • CVE-2022-22967: An issue was discovered in SaltStack Salt in versions before 3002.9, 3003.5, 3004.2. PAM auth fails to reject locked accounts, which allows a previously authorized user whose account is locked still run Salt commands when their account is locked. This affects both local shell accounts with an active session and salt-api users that authenticate via PAM eauth.
Created: 2022-07-04 Last update: 2022-08-01 13:40
5 security issues in bullseye high

There are 5 open security issues in bullseye.

5 important issues:
  • CVE-2022-22934: An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Salt Masters do not sign pillar data with the minion’s public key, which can result in attackers substituting arbitrary pillar data.
  • CVE-2022-22935: An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. A minion authentication denial of service can cause a MiTM attacker to force a minion process to stop by impersonating a master.
  • CVE-2022-22936: An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Job publishes and file server replies are susceptible to replay attacks, which can result in an attacker replaying job publishes causing minions to run old jobs. File server replies can also be re-played. A sufficient craft attacker could gain root access on minion under certain scenarios.
  • CVE-2022-22941: An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. When configured as a Master-of-Masters, with a publisher_acl, if a user configured in the publisher_acl targets any minion connected to the Syndic, the Salt Master incorrectly interpreted no valid targets as valid, allowing configured users to target any of the minions connected to the syndic with their configured commands. This requires a syndic master combined with publisher_acl configured on the Master-of-Masters, allowing users specified in the publisher_acl to bypass permissions, publishing authorized commands to any configured minion.
  • CVE-2022-22967: An issue was discovered in SaltStack Salt in versions before 3002.9, 3003.5, 3004.2. PAM auth fails to reject locked accounts, which allows a previously authorized user whose account is locked still run Salt commands when their account is locked. This affects both local shell accounts with an active session and salt-api users that authenticate via PAM eauth.
Created: 2022-07-04 Last update: 2022-08-01 13:40
lintian reports 1 error and 6 warnings high
Lintian reports 1 error and 6 warnings about this package. You should make the package lintian clean getting rid of them.
Created: 2022-01-01 Last update: 2022-07-30 12:17
The package has not entered testing even though the delay is over normal
The package has not entered testing even though the 2-day delay is over. Check why.
Created: 2022-07-01 Last update: 2022-08-16 06:05
Standards version of the package is outdated. wishlist
The package should be updated to follow the last version of Debian Policy (Standards-Version 4.6.1 instead of 4.6.0).
Created: 2022-05-11 Last update: 2022-05-11 23:25
testing migrations
  • excuses:
    • Migration status for salt (- to 3004.1+dfsg-2): BLOCKED: Rejected/violates migration policy/introduces a regression
    • Issues preventing migration:
    • ∙ ∙ Updating salt would introduce bugs in testing: #1013872
    • Additional info:
    • ∙ ∙ Piuparts tested OK - https://piuparts.debian.org/sid/source/s/salt.html
    • ∙ ∙ autopkgtest for salt/3004.1+dfsg-2: amd64: Pass, arm64: Pass, armel: Pass, armhf: Pass, i386: Pass, ppc64el: Pass, s390x: Pass
    • ∙ ∙ Required age reduced by 3 days because of autopkgtest
    • ∙ ∙ 122 days old (needed 2 days)
    • Not considered
news
[rss feed]
  • [2022-07-02] salt REMOVED from testing (Debian testing watch)
  • [2022-04-18] salt 3004.1+dfsg-2 MIGRATED to testing (Debian testing watch)
  • [2022-04-16] Accepted salt 3004.1+dfsg-2 (source) into unstable (Benjamin Drung)
  • [2022-04-16] Accepted salt 3004.1+dfsg-1 (source) into unstable (Benjamin Drung)
  • [2022-04-05] salt REMOVED from testing (Debian testing watch)
  • [2022-02-18] salt 3004+dfsg1-10 MIGRATED to testing (Debian testing watch)
  • [2022-02-16] Accepted salt 3004+dfsg1-10 (source) into unstable (Benjamin Drung)
  • [2022-02-14] Accepted salt 3004+dfsg1-9 (source) into unstable (Benjamin Drung)
  • [2022-02-09] salt 3004+dfsg1-8 MIGRATED to testing (Debian testing watch)
  • [2022-02-07] Accepted salt 3004+dfsg1-8 (source) into unstable (Benjamin Drung)
  • [2022-02-02] Accepted salt 3004+dfsg1-7 (source) into unstable (Benjamin Drung)
  • [2022-01-16] salt 3004+dfsg1-6 MIGRATED to testing (Debian testing watch)
  • [2022-01-13] Accepted salt 3004+dfsg1-6 (source) into unstable (Benjamin Drung)
  • [2022-01-13] Accepted salt 3004+dfsg1-5 (source) into unstable (Benjamin Drung)
  • [2022-01-03] Accepted salt 2016.11.2+ds-1+deb9u10 (source) into oldoldstable (Sylvain Beucler)
  • [2021-11-21] Accepted salt 3002.6+dfsg1-4+deb11u1 (source) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Markus Koschany)
  • [2021-11-21] Accepted salt 2016.11.2+ds-1+deb9u9 (source) into oldoldstable (Markus Koschany)
  • [2021-11-20] salt 3004+dfsg1-4 MIGRATED to testing (Debian testing watch)
  • [2021-11-19] Accepted salt 2016.11.2+ds-1+deb9u8 (source) into oldoldstable (Markus Koschany)
  • [2021-11-19] Accepted salt 2018.3.4+dfsg1-6+deb10u3 (source) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates (Debian FTP Masters) (signed by: Markus Koschany)
  • [2021-11-19] Accepted salt 2018.3.4+dfsg1-6+deb10u3 (source) into oldstable->embargoed, oldstable (Debian FTP Masters) (signed by: Markus Koschany)
  • [2021-11-19] Accepted salt 3002.6+dfsg1-4+deb11u1 (source) into stable-security->embargoed, stable-security (Debian FTP Masters) (signed by: Markus Koschany)
  • [2021-11-17] Accepted salt 3004+dfsg1-4 (source) into unstable (Benjamin Drung)
  • [2021-11-16] Accepted salt 3004+dfsg1-3 (source) into unstable (Benjamin Drung)
  • [2021-11-12] salt 3004+dfsg1-2 MIGRATED to testing (Debian testing watch)
  • [2021-11-10] Accepted salt 2016.11.2+ds-1+deb9u7 (source) into oldoldstable (Markus Koschany)
  • [2021-11-03] Accepted salt 3004+dfsg1-2 (source) into unstable (Benjamin Drung)
  • [2021-11-02] Accepted salt 3004+dfsg1-1 (source) into unstable (Benjamin Drung)
  • [2021-10-16] salt 3002.7+dfsg1-1 MIGRATED to testing (Debian testing watch)
  • [2021-10-13] Accepted salt 3002.7+dfsg1-1 (source) into unstable (Benjamin Drung)
  • 1
  • 2
bugs [bug history graph]
  • all: 11
  • RC: 1
  • I&N: 9
  • M&W: 1
  • F&P: 0
  • patch: 0
links
  • homepage
  • lintian (1, 6)
  • buildd: logs, clang
  • popcon
  • browse source code
  • edit tags
  • other distros
  • security tracker
  • debci
ubuntu Ubuntu logo [Information about Ubuntu for Debian Developers]
  • version: 3004.1+dfsg-2
  • 11 bugs

Debian Package Tracker — Copyright 2013-2018 The Distro Tracker Developers
Report problems to the tracker.debian.org pseudo-package in the Debian BTS.
Documentation — Bugs — Git Repository — Contributing