Date: Sun, 06 Dec 2015 07:56:05 -0500 From: Jason Unovitch <jason.unovitch@gmail.com> To: Dryice Dong Liu <dryice@FreeBSD.org>, ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Cc: Christer Edwards <christer.edwards@gmail.com> Subject: Re: svn commit: r403109 - head/sysutils/py-salt Message-ID: <1F51213D-8A3E-4BD3-AA75-255528C320B8@FreeBSD.org> In-Reply-To: <201512061234.tB6CYJoW081152@repo.freebsd.org> References: <201512061234.tB6CYJoW081152@repo.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On December 6, 2015 7:34:19 AM EST, Dryice Dong Liu <dryice@FreeBSD.org> wrote: >Author: dryice >Date: Sun Dec 6 12:34:19 2015 >New Revision: 403109 >URL: https://svnweb.freebsd.org/changeset/ports/403109 > >Log: > Update to 2015.8.3 > > PR: 205043 >Submitted by: Christer Edwards <christer.edwards@gmail.com> >(maintainer) > >From the 2015.8.3 release notes: CVE-2015-8034: Saving state.sls cache data to disk with insecure permissions This affects users of the state.slsfunction. The state run cache on the minion was being created with incorrect permissions. This file could potentially contain sensitive data that was inserted via jinja into the state SLS files. The permissions for this file are now being set correctly. Thanks to @zmalone for bringing this issue to our attention. Can you ensure this gets a VuXML for this release and this commit and any prior ones get MFH'd? Thanks! -----BEGIN PGP SIGNATURE----- iQFHBAEBCgAxKhxKYXNvbiBVbm92aXRjaCA8amFzb24udW5vdml0Y2hAZ21haWwu Y29tPgUCVmQwIgAKCRBv1JwwFhyqbuO8B/9mzcqur3ZMLmAmEFWsaLg9tBafftVd F4dH1JA7oQEl93MNLK4Trw/WY5cevgJGffDWfcfVeitZxMBpBgFAKqFXRuZPtGG3 ead7vx+oOjxfD5wsqepGHAYsS0oWdvUEKHy96yuRINAJ2JLrjL/oayGmDBoXmVaG r8ArwPNAPE0JEw9E/pPpWhR7hF6z72QSLbZQub6UsCzPsSv/7B/QX7iD89ROE2DI 3/mhkZs7jJsd0qMrNFT6Pc1DJZlGxMh5d0v07NstRQCZdtH98Z2TU9yaeggqDXAI UmT4/n1eJijw3JBk6VmXY7O40+Wo0uhQ5czr50pVpFeGBPaQmMkkWJXV =Q+kp -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1F51213D-8A3E-4BD3-AA75-255528C320B8>