Debian Package Tracker

general

source: salt (main)
version: 2018.3.4+dfsg1-2
maintainer: Debian Salt Team (archive) [DMD]
uploaders: Andriy Senkovych [DMD] – Joe Healy [DMD] [dm] – Franklin G Mendoza [DMD] – Ondřej Nový [DMD] – Benjamin Drung [DMD]
arch: all
std-ver: 4.3.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

oldstable: 2014.1.13+ds-3
stable: 2016.11.2+ds-1+deb9u2
testing: 2018.3.4~git20180207+dfsg1-1
unstable: 2018.3.4+dfsg1-2

versioned links

2014.1.13+ds-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2016.11.2+ds-1+deb9u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2018.3.4~git20180207+dfsg1-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2018.3.4+dfsg1-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

salt-api
salt-cloud
salt-common
salt-doc
salt-master
salt-minion
salt-proxy
salt-ssh
salt-syndic

action needed

Debci reports failed tests (log) high

Debci reports test failures (log).

The tests ran in 0h 1m 14s

Last run: 2019-04-19 14:27:49

Previous status: fail

Created: 2019-02-22 Last update: 2019-04-21 01:06

Marked for autoremoval on 03 May: #919849 high

Version 2018.3.4~git20180207+dfsg1-1 of salt is marked for autoremoval from testing on Fri 03 May 2019. It is affected by #919849. You should try to prevent the removal by fixing these RC bugs.

Created: 2019-04-18 Last update: 2019-04-21 01:02

A new upstream version is available: 2019.2.0 high

A new upstream version 2019.2.0 is available, you should consider packaging it.

Created: 2019-03-28 Last update: 2019-04-20 23:08

3 security issues in stretch high

There are 3 open security issues in stretch.

1 important issue:

CVE-2018-15751: SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allow remote attackers to bypass authentication and execute arbitrary commands via salt-api(netapi).

2 issues skipped by the security teams:

CVE-2018-15750: Directory Traversal vulnerability in salt-api in SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allows remote attackers to determine which files exist on the server.
CVE-2017-7893: In SaltStack Salt before 2016.3.6, compromised salt-minions can impersonate the salt-master.

Please fix them.

Created: 2017-04-26 Last update: 2019-04-18 00:05

Depends on packages which need a new maintainer normal

The packages that salt depends on which need a new maintainer are:

lsb (#924519)
- Depends: lsb-base lsb-base lsb-base lsb-base
- Recommends: lsb-release

Created: 2019-03-13 Last update: 2019-04-20 23:01

Fails to build during reproducibility testing normal

A package building reproducibly enables third parties to verify that the source matches the distributed binaries. It has been identified that this source package produced different results, failed to build or had other issues in a test environment. Please read about how to improve the situation!

Created: 2019-02-12 Last update: 2019-04-20 20:31

lintian reports 2 warnings normal

Lintian reports 2 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2019-03-16 Last update: 2019-03-16 05:39

9 ignored security issues in jessie low

There are 9 open security issues in jessie.

9 issues skipped by the security teams:

CVE-2017-14695: Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x before 2017.7.2 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-12791.
CVE-2015-6941: win_useradd, salt-cloud and the Linode driver in salt 2015.5.x before 2015.5.6, and 2015.8.x before 2015.8.1 leak password information in debug logs.
CVE-2015-8034: The state.sls function in Salt before 2015.8.3 uses weak permissions on the cache data, which allows local users to obtain sensitive information by reading the file.
CVE-2016-9639: Salt before 2015.8.11 allows deleted minions to read or write to minions with the same id, related to caching.
CVE-2017-12791: Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.11.7 and 2017.7.x before 2017.7.1 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID.
CVE-2015-6918: salt before 2015.5.5 leaks git usernames and passwords to the log.
CVE-2017-7893: In SaltStack Salt before 2016.3.6, compromised salt-minions can impersonate the salt-master.
CVE-2017-14696: SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x before 2017.7.2 allows remote attackers to cause a denial of service via a crafted authentication request.
CVE-2016-3176: Salt before 2015.5.10 and 2015.8.x before 2015.8.8, when PAM external authentication is enabled, allows attackers to bypass the configured authentication service by passing an alternate service with a command sent to LocalClient.

Please fix them.

Created: 2015-10-27 Last update: 2019-04-18 00:05

testing migrations

excuses:
- Too young, only 3 of 5 days old
- Piuparts tested OK - https://piuparts.debian.org/sid/source/s/salt.html
- Checking build-dependency on amd64
- Checking build-dependency (indep) on amd64
- Not touching package due to block request by freeze (please contact debian-release if update is needed)
- Not considered

news

[rss feed]

[2019-04-17] Accepted salt 2018.3.4+dfsg1-2 (source) into unstable (Benjamin Drung)
[2019-04-05] Accepted salt 2018.3.4+dfsg1-1 (source) into unstable (Benjamin Drung)
[2019-02-11] salt 2018.3.4~git20180207+dfsg1-1 MIGRATED to testing (Debian testing watch)
[2019-02-08] Accepted salt 2018.3.4~git20180207+dfsg1-1 (source) into unstable (Benjamin Drung)
[2019-01-10] salt 2018.3.3+dfsg1-2 MIGRATED to testing (Debian testing watch)
[2019-01-07] Accepted salt 2018.3.3+dfsg1-2 (source) into unstable (Benjamin Drung)
[2018-12-21] Accepted salt 2018.3.3+dfsg1-1 (source all) into unstable (Benjamin Drung)
[2018-07-08] Accepted salt 2016.11.2+ds-1+deb9u2 (source all) into proposed-updates->stable-new, proposed-updates (Ondřej Nový)
[2018-05-19] salt REMOVED from testing (Debian testing watch)
[2018-05-03] salt 2017.7.4+dfsg1-1 MIGRATED to testing (Debian testing watch)
[2018-05-02] salt REMOVED from testing (Debian testing watch)
[2018-03-13] salt 2017.7.4+dfsg1-1 MIGRATED to testing (Debian testing watch)
[2018-03-05] Accepted salt 2017.7.4+dfsg1-1 (source) into unstable (Benjamin Drung)
[2018-03-02] Accepted salt 2016.11.2+ds-1+deb9u1 (source all) into proposed-updates->stable-new, proposed-updates (Ondřej Nový)
[2018-02-21] Accepted salt 2017.7.3+dfsg1-1 (source) into unstable (Benjamin Drung)
[2018-02-05] Accepted salt 2017.7.2+dfsg1-2 (source all) into unstable, unstable (Benjamin Drung)
[2018-01-25] Accepted salt 2017.7.2+dfsg1-1 (source) into unstable (Benjamin Drung)
[2018-01-21] salt 2016.11.8+dfsg1-2 MIGRATED to testing (Debian testing watch)
[2018-01-15] Accepted salt 2016.11.8+dfsg1-2 (source) into unstable (Ondřej Nový)
[2017-12-16] salt 2016.11.8+dfsg1-1 MIGRATED to testing (Debian testing watch)
[2017-12-11] Accepted salt 2016.11.8+dfsg1-1 (source) into unstable (Ondřej Nový)
[2017-10-01] salt REMOVED from testing (Debian testing watch)
[2017-06-20] salt 2016.11.5+ds-1 MIGRATED to testing (Debian testing watch)
[2017-05-29] Accepted salt 2016.11.2+ds-1~bpo8+1 (source all) into jessie-backports->backports-policy, jessie-backports (Al Nikolov)
[2017-05-26] Accepted salt 2016.11.5+ds-1 (source) into unstable (Benjamin Drung)
[2017-04-22] salt 2016.11.2+ds-1 MIGRATED to testing (Debian testing watch)
[2017-02-01] Accepted salt 2016.11.2+ds-1 (source) into unstable (Benjamin Drung)
[2017-01-29] Accepted salt 2016.11.1+ds-1~bpo8+1 (source all) into jessie-backports (Al Nikolov)
[2017-01-03] salt 2016.11.1+ds-1 MIGRATED to testing (Debian testing watch)
[2016-12-23] Accepted salt 2016.11.1+ds-1 (source) into unstable (Benjamin Drung)

bugs [bug history graph]

all: 4
RC: 1
I&N: 2
M&W: 1
F&P: 0
patch: 0

links

homepage
lintian (0, 2)
buildd: logs, clang, reproducibility
popcon
debci
browse source code
edit tags
security tracker

ubuntu

[Information about Ubuntu for Debian Developers]

version: 2018.3.4~git20180207+dfsg1-1
11 bugs