saltstack/salt
1
0
Fork 0
mirror of https://github.com/saltstack/salt.git synced 2025-04-17 10:10:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Merge pull request #29418 from jacobhammons/dot8

Browse source 
Added CVE 2015-8034 to 2015.5.8 release notes
This commit is contained in:
jacobhammons 2015-12-03 20:02:53 -07:00
commit 197210d52e
1 changed files with 11 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
doc/topics/releases/2015.5.8.rst
View file

@ -2,6 +2,16 @@
Salt 2015.5.8 Release Notes
===========================
Security Fix
============
CVE-2015-8034: Saving ``state.sls`` cache data to disk with insecure permissions
This affects users of the ``state.sls`` function. The state run cache on the minion was being created with incorrect permissions. This file could potentially contain sensitive data that was inserted via jinja into the state SLS files. The permissions for this file are now being set correctly. Thanks to @zmalone for bringing this issue to our attention.
Changes
=======
Extended changelog courtesy of Todd Stansell (https://github.com/tjstansell/salt-changelogs):
*Generated at: 2015-11-23T23:16:23Z*
@ -126,7 +136,7 @@ Changes:
- **PR** `#28263`_: (*cachedout*) New channel for event.send
- **PR** `#28293`_: (*cachedout*) Minor grammar changes
- **PR** `#28293`_: (*cachedout*) Minor grammar changes
- **PR** `#28271`_: (*gwaters*) Update tutorial documentation