Debian Package Tracker

general

source: salt (main)
version: 2018.3.4+dfsg1-6
maintainer: Debian Salt Team (archive) (DMD)
uploaders: Benjamin Drung [DMD] – Ondřej Nový [DMD] – Andriy Senkovych [DMD] – Franklin G Mendoza [DMD] – Joe Healy [DMD] [DM]
arch: all
std-ver: 4.3.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 2014.1.13+ds-3
oldstable: 2016.11.2+ds-1+deb9u2
stable: 2018.3.4+dfsg1-6
testing: 2018.3.4+dfsg1-6
unstable: 2018.3.4+dfsg1-6

versioned links

2014.1.13+ds-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2016.11.2+ds-1+deb9u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2018.3.4+dfsg1-6: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

salt-api (1 bugs: 0, 1, 0, 0)
salt-cloud
salt-common
salt-doc
salt-master (2 bugs: 0, 2, 0, 0)
salt-minion (1 bugs: 0, 0, 1, 0)
salt-proxy
salt-ssh (2 bugs: 0, 2, 0, 0)
salt-syndic

action needed

Marked for autoremoval on 06 September due to pyroute2: #933922, #932882 high

Version 2018.3.4+dfsg1-6 of salt is marked for autoremoval from testing on Fri 06 Sep 2019. It is affected by #933922. It depends (transitively) on pyroute2, affected by #932882. You should try to prevent the removal by fixing these RC bugs.

Created: 2019-07-27 Last update: 2019-08-20 18:08

Debci reports failed tests high

unstable: fail (log)
The tests ran in 0h 9m 3s
Last run: 2019-08-19 20:06:51
Previous status: fail

testing: fail (log)
The tests ran in 0h 7m 46s
Last run: 2019-08-19 18:19:07
Previous status: fail

stable: neutral (log)
The tests ran in 0h 0m 21s
Last run: 2019-04-29 14:42:55
Previous status: unknown

Created: 2019-08-08 Last update: 2019-08-20 17:33

A new upstream version is available: 2019.2.0 high

A new upstream version 2019.2.0 is available, you should consider packaging it.

Created: 2019-03-28 Last update: 2019-08-20 12:15

4 security issues in stretch high

There are 4 open security issues in stretch.

2 important issues:

CVE-2019-1010259: SaltStack Salt 2018.3, 2019.2 is affected by: SQL Injection. The impact is: An attacker could escalate privileges on MySQL server deployed by cloud provider. It leads to RCE. The component is: The mysql.user_chpass function from the MySQL module for Salt. The attack vector is: specially crafted password string. The fixed version is: 2018.3.4.
CVE-2018-15751: SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allow remote attackers to bypass authentication and execute arbitrary commands via salt-api(netapi).

2 issues skipped by the security teams:

CVE-2017-7893: In SaltStack Salt before 2016.3.6, compromised salt-minions can impersonate the salt-master.
CVE-2018-15750: Directory Traversal vulnerability in salt-api in SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allows remote attackers to determine which files exist on the server.

Please fix them.

Created: 2017-04-26 Last update: 2019-08-18 22:13

Fails to build during reproducibility testing normal

A package building reproducibly enables third parties to verify that the source matches the distributed binaries. It has been identified that this source package produced different results, failed to build or had other issues in a test environment. Please read about how to improve the situation!

Created: 2019-05-28 Last update: 2019-08-20 18:11

9 ignored security issues in jessie low

There are 9 open security issues in jessie.

9 issues skipped by the security teams:

CVE-2016-3176: Salt before 2015.5.10 and 2015.8.x before 2015.8.8, when PAM external authentication is enabled, allows attackers to bypass the configured authentication service by passing an alternate service with a command sent to LocalClient.
CVE-2015-6918: salt before 2015.5.5 leaks git usernames and passwords to the log.
CVE-2017-14695: Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x before 2017.7.2 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-12791.
CVE-2017-12791: Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.11.7 and 2017.7.x before 2017.7.1 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID.
CVE-2016-9639: Salt before 2015.8.11 allows deleted minions to read or write to minions with the same id, related to caching.
CVE-2015-8034: The state.sls function in Salt before 2015.8.3 uses weak permissions on the cache data, which allows local users to obtain sensitive information by reading the file.
CVE-2015-6941: win_useradd, salt-cloud and the Linode driver in salt 2015.5.x before 2015.5.6, and 2015.8.x before 2015.8.1 leak password information in debug logs.
CVE-2017-7893: In SaltStack Salt before 2016.3.6, compromised salt-minions can impersonate the salt-master.
CVE-2017-14696: SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x before 2017.7.2 allows remote attackers to cause a denial of service via a crafted authentication request.

Please fix them.

Created: 2015-10-27 Last update: 2019-08-18 22:13

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.4.0 instead of 4.3.0).

Created: 2019-07-08 Last update: 2019-07-08 20:08

news

[rss feed]

[2019-05-28] salt 2018.3.4+dfsg1-6 MIGRATED to testing (Debian testing watch)
[2019-05-25] Accepted salt 2018.3.4+dfsg1-6 (source) into unstable (Benjamin Drung)
[2019-05-02] Accepted salt 2018.3.4+dfsg1-5 (source) into unstable (Benjamin Drung)
[2019-04-26] Accepted salt 2018.3.4+dfsg1-4 (source) into unstable (Benjamin Drung)
[2019-04-25] Accepted salt 2018.3.4+dfsg1-3 (source) into unstable (Benjamin Drung)
[2019-04-17] Accepted salt 2018.3.4+dfsg1-2 (source) into unstable (Benjamin Drung)
[2019-04-05] Accepted salt 2018.3.4+dfsg1-1 (source) into unstable (Benjamin Drung)
[2019-02-11] salt 2018.3.4~git20180207+dfsg1-1 MIGRATED to testing (Debian testing watch)
[2019-02-08] Accepted salt 2018.3.4~git20180207+dfsg1-1 (source) into unstable (Benjamin Drung)
[2019-01-10] salt 2018.3.3+dfsg1-2 MIGRATED to testing (Debian testing watch)
[2019-01-07] Accepted salt 2018.3.3+dfsg1-2 (source) into unstable (Benjamin Drung)
[2018-12-21] Accepted salt 2018.3.3+dfsg1-1 (source all) into unstable (Benjamin Drung)
[2018-07-08] Accepted salt 2016.11.2+ds-1+deb9u2 (source all) into proposed-updates->stable-new, proposed-updates (Ondřej Nový)
[2018-05-19] salt REMOVED from testing (Debian testing watch)
[2018-05-03] salt 2017.7.4+dfsg1-1 MIGRATED to testing (Debian testing watch)
[2018-05-02] salt REMOVED from testing (Debian testing watch)
[2018-03-13] salt 2017.7.4+dfsg1-1 MIGRATED to testing (Debian testing watch)
[2018-03-05] Accepted salt 2017.7.4+dfsg1-1 (source) into unstable (Benjamin Drung)
[2018-03-02] Accepted salt 2016.11.2+ds-1+deb9u1 (source all) into proposed-updates->stable-new, proposed-updates (Ondřej Nový)
[2018-02-21] Accepted salt 2017.7.3+dfsg1-1 (source) into unstable (Benjamin Drung)
[2018-02-05] Accepted salt 2017.7.2+dfsg1-2 (source all) into unstable, unstable (Benjamin Drung)
[2018-01-25] Accepted salt 2017.7.2+dfsg1-1 (source) into unstable (Benjamin Drung)
[2018-01-21] salt 2016.11.8+dfsg1-2 MIGRATED to testing (Debian testing watch)
[2018-01-15] Accepted salt 2016.11.8+dfsg1-2 (source) into unstable (Ondřej Nový)
[2017-12-16] salt 2016.11.8+dfsg1-1 MIGRATED to testing (Debian testing watch)
[2017-12-11] Accepted salt 2016.11.8+dfsg1-1 (source) into unstable (Ondřej Nový)
[2017-10-01] salt REMOVED from testing (Debian testing watch)
[2017-06-20] salt 2016.11.5+ds-1 MIGRATED to testing (Debian testing watch)
[2017-05-29] Accepted salt 2016.11.2+ds-1~bpo8+1 (source all) into jessie-backports->backports-policy, jessie-backports (Al Nikolov)
[2017-05-26] Accepted salt 2016.11.5+ds-1 (source) into unstable (Benjamin Drung)

bugs [bug history graph]

all: 7
RC: 1
I&N: 5
M&W: 1
F&P: 0
patch: 0

links

homepage
buildd: logs, clang, reproducibility
popcon
browse source code
edit tags
security tracker
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 2018.3.4+dfsg1-6
6 bugs