saltstack/salt
1
0
Fork 0
mirror of https://github.com/saltstack/salt.git synced 2025-04-17 10:10:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Added CVE 2015-8034 to 2015.5.8 release notes

Browse source
This commit is contained in:
Jacob Hammons 2015-12-03 20:02:16 -07:00
parent b3452f2a1a
commit 4f51a737f9
1 changed files with 11 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
doc/topics/releases/2015.5.8.rst
View file

@ -2,6 +2,16 @@
Salt 2015.5.8 Release Notes
===========================
Security Fix
============
CVE-2015-8034: Saving ``state.sls`` cache data to disk with insecure permissions
This affects users of the ``state.sls`` function. The state run cache on the minion was being created with incorrect permissions. This file could potentially contain sensitive data that was inserted via jinja into the state SLS files. The permissions for this file are now being set correctly. Thanks to @zmalone for bringing this issue to our attention.
Changes
=======
Extended changelog courtesy of Todd Stansell (https://github.com/tjstansell/salt-changelogs):
*Generated at: 2015-11-23T23:16:23Z*
@ -126,7 +136,7 @@ Changes:
- **PR** `#28263`_: (*cachedout*) New channel for event.send
- **PR** `#28293`_: (*cachedout*) Minor grammar changes
- **PR** `#28293`_: (*cachedout*) Minor grammar changes
- **PR** `#28271`_: (*gwaters*) Update tutorial documentation