Register | Log in

salt

Choose email to subscribe with

general

source: salt (main)
version: 2018.3.4+dfsg1-6
maintainer: Debian Salt Team (archive) [DMD]
uploaders: Benjamin Drung [DMD] – Ondřej Nový [DMD] – Andriy Senkovych [DMD] – Franklin G Mendoza [DMD] – Joe Healy [DMD] [dm]
arch: all
std-ver: 4.3.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

oldstable: 2014.1.13+ds-3
stable: 2016.11.2+ds-1+deb9u2
testing: 2018.3.4+dfsg1-6
unstable: 2018.3.4+dfsg1-6

versioned links

2014.1.13+ds-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2016.11.2+ds-1+deb9u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2018.3.4+dfsg1-6: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

salt-api (1 bugs: 0, 1, 0, 0)
salt-cloud
salt-common
salt-doc
salt-master (2 bugs: 0, 2, 0, 0)
salt-minion (1 bugs: 0, 0, 1, 0)
salt-proxy
salt-ssh
salt-syndic

action needed

A new upstream version is available: 2019.2.0 high

A new upstream version 2019.2.0 is available, you should consider packaging it.

Created: 2019-03-28 Last update: 2019-06-20 09:10

3 security issues in stretch high

There are 3 open security issues in stretch.

1 important issue:

CVE-2018-15751: SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allow remote attackers to bypass authentication and execute arbitrary commands via salt-api(netapi).

2 issues skipped by the security teams:

CVE-2018-15750: Directory Traversal vulnerability in salt-api in SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allows remote attackers to determine which files exist on the server.
CVE-2017-7893: In SaltStack Salt before 2016.3.6, compromised salt-minions can impersonate the salt-master.

Please fix them.

Created: 2017-04-26 Last update: 2019-05-28 06:02

Depends on packages which need a new maintainer normal

The packages that salt depends on which need a new maintainer are:

lsb (#924519)
- Depends: lsb-base lsb-base lsb-base lsb-base
- Recommends: lsb-release

Created: 2019-03-13 Last update: 2019-06-20 13:41

Fails to build during reproducibility testing normal

A package building reproducibly enables third parties to verify that the source matches the distributed binaries. It has been identified that this source package produced different results, failed to build or had other issues in a test environment. Please read about how to improve the situation!

Created: 2019-05-28 Last update: 2019-06-20 09:01

9 ignored security issues in jessie low

There are 9 open security issues in jessie.

9 issues skipped by the security teams:

CVE-2015-6918: salt before 2015.5.5 leaks git usernames and passwords to the log.
CVE-2015-6941: win_useradd, salt-cloud and the Linode driver in salt 2015.5.x before 2015.5.6, and 2015.8.x before 2015.8.1 leak password information in debug logs.
CVE-2017-14696: SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x before 2017.7.2 allows remote attackers to cause a denial of service via a crafted authentication request.
CVE-2017-12791: Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.11.7 and 2017.7.x before 2017.7.1 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID.
CVE-2016-9639: Salt before 2015.8.11 allows deleted minions to read or write to minions with the same id, related to caching.
CVE-2015-8034: The state.sls function in Salt before 2015.8.3 uses weak permissions on the cache data, which allows local users to obtain sensitive information by reading the file.
CVE-2017-14695: Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x before 2017.7.2 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-12791.
CVE-2016-3176: Salt before 2015.5.10 and 2015.8.x before 2015.8.8, when PAM external authentication is enabled, allows attackers to bypass the configured authentication service by passing an alternate service with a command sent to LocalClient.
CVE-2017-7893: In SaltStack Salt before 2016.3.6, compromised salt-minions can impersonate the salt-master.

Please fix them.

Created: 2015-10-27 Last update: 2019-05-28 06:02

news

[2019-05-28] salt 2018.3.4+dfsg1-6 MIGRATED to testing (Debian testing watch)
[2019-05-25] Accepted salt 2018.3.4+dfsg1-6 (source) into unstable (Benjamin Drung)
[2019-05-02] Accepted salt 2018.3.4+dfsg1-5 (source) into unstable (Benjamin Drung)
[2019-04-26] Accepted salt 2018.3.4+dfsg1-4 (source) into unstable (Benjamin Drung)
[2019-04-25] Accepted salt 2018.3.4+dfsg1-3 (source) into unstable (Benjamin Drung)
[2019-04-17] Accepted salt 2018.3.4+dfsg1-2 (source) into unstable (Benjamin Drung)
[2019-04-05] Accepted salt 2018.3.4+dfsg1-1 (source) into unstable (Benjamin Drung)
[2019-02-11] salt 2018.3.4~git20180207+dfsg1-1 MIGRATED to testing (Debian testing watch)
[2019-02-08] Accepted salt 2018.3.4~git20180207+dfsg1-1 (source) into unstable (Benjamin Drung)
[2019-01-10] salt 2018.3.3+dfsg1-2 MIGRATED to testing (Debian testing watch)
[2019-01-07] Accepted salt 2018.3.3+dfsg1-2 (source) into unstable (Benjamin Drung)
[2018-12-21] Accepted salt 2018.3.3+dfsg1-1 (source all) into unstable (Benjamin Drung)
[2018-07-08] Accepted salt 2016.11.2+ds-1+deb9u2 (source all) into proposed-updates->stable-new, proposed-updates (Ondřej Nový)
[2018-05-19] salt REMOVED from testing (Debian testing watch)
[2018-05-03] salt 2017.7.4+dfsg1-1 MIGRATED to testing (Debian testing watch)
[2018-05-02] salt REMOVED from testing (Debian testing watch)
[2018-03-13] salt 2017.7.4+dfsg1-1 MIGRATED to testing (Debian testing watch)
[2018-03-05] Accepted salt 2017.7.4+dfsg1-1 (source) into unstable (Benjamin Drung)
[2018-03-02] Accepted salt 2016.11.2+ds-1+deb9u1 (source all) into proposed-updates->stable-new, proposed-updates (Ondřej Nový)
[2018-02-21] Accepted salt 2017.7.3+dfsg1-1 (source) into unstable (Benjamin Drung)
[2018-02-05] Accepted salt 2017.7.2+dfsg1-2 (source all) into unstable, unstable (Benjamin Drung)
[2018-01-25] Accepted salt 2017.7.2+dfsg1-1 (source) into unstable (Benjamin Drung)
[2018-01-21] salt 2016.11.8+dfsg1-2 MIGRATED to testing (Debian testing watch)
[2018-01-15] Accepted salt 2016.11.8+dfsg1-2 (source) into unstable (Ondřej Nový)
[2017-12-16] salt 2016.11.8+dfsg1-1 MIGRATED to testing (Debian testing watch)
[2017-12-11] Accepted salt 2016.11.8+dfsg1-1 (source) into unstable (Ondřej Nový)
[2017-10-01] salt REMOVED from testing (Debian testing watch)
[2017-06-20] salt 2016.11.5+ds-1 MIGRATED to testing (Debian testing watch)
[2017-05-29] Accepted salt 2016.11.2+ds-1~bpo8+1 (source all) into jessie-backports->backports-policy, jessie-backports (Al Nikolov)
[2017-05-26] Accepted salt 2016.11.5+ds-1 (source) into unstable (Benjamin Drung)

1
2

bugs [bug history graph]

all: 4
RC: 0
I&N: 3
M&W: 1
F&P: 0
patch: 0

links

homepage
buildd: logs, clang, reproducibility
popcon
browse source code
edit tags
security tracker
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 2018.3.4+dfsg1-6
6 bugs

Debian Package Tracker — Copyright 2013-2018 The Distro Tracker Developers

Report problems to the tracker.debian.org pseudo-package in the Debian BTS.

Documentation — Bugs — Git Repository — Contributing