Date:      Sat, 16 May 2015 00:20:24 +0000
From:      bugzilla-noreply@freebsd.org
To:        freebsd-ports-bugs@FreeBSD.org
Subject:   [Bug 200172] sysutils/py-salt: Multiple security vulnerabilities
Message-ID:  <bug-200172-13-Kzyf9N9A0e@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-200172-13@https.bugs.freebsd.org/bugzilla/>
References:  <bug-200172-13@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=200172

jason.unovitch@gmail.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |jason.unovitch@gmail.com

--- Comment #4 from jason.unovitch@gmail.com ---
Created attachment 156815
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=156815&action=edit
Patch for security/vuxml update for Salt 2015.5.0

TESTING:

#
# After patching
#

root@xts-bsd:/usr/ports/security/vuxml # make validate
/bin/sh /usr/ports/security/vuxml/files/tidy.sh "/usr/ports/security/vuxml/files/tidy.xsl" "/usr/ports/security/vuxml/vuln.xml" > "/usr/ports/security/vuxml/vuln.xml.tidy"
>>> Validating...
/usr/local/bin/xmllint --valid --noout /usr/ports/security/vuxml/vuln.xml
>>> Successful.
Checking if tidy differs...
... seems okay
Checking for space/tab...
... seems okay
/usr/local/bin/python2.7 /usr/ports/security/vuxml/files/extra-validation.py

#
# After copy to /var/db/pkg/vuxml.xml on vulnerable saltmaster
#

root@saltmaster:~ # pkg audit
py27-salt-2014.7.5 is vulnerable:
py-salt -- potential shell injection vulnerabilities
WWW: http://vuxml.FreeBSD.org/freebsd/865863af-fb5e-11e4-8fda-002590263bf5.html

1 problem(s) in the installed packages found.

-- 
You are receiving this mail because:
You are the assignee for the bug.


