saltstack/salt
1
0
Fork 0
mirror of https://github.com/saltstack/salt.git synced 2025-04-17 10:10:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Merge pull request #50576 from garethgreenaway/bp-50549

Browse source 
Back-port PR #50549 to 2018.3
This commit is contained in:
Erik Johnson 2018-11-21 08:39:54 -06:00 committed by GitHub
commit 5c281797d4
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 6 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
doc/topics/releases/2016.11.10.rst
View file

@ -13,3 +13,5 @@ Security Fix
CVE-2018-15751 Remote command execution and incorrect access control when using salt-api.
CVE-2018-15750 Directory traversal vulnerability when using salt-api. Allows an attacker to determine what files exist on a server when querying /run or /events.
Credit and thanks for discovery and responsible disclosure: nullbr4in, xcuter, koredge, loupos, blackcon, Naver Business Platform

2
doc/topics/releases/2017.7.8.rst
View file

@ -20,6 +20,8 @@ CVE-2018-15751 Remote command execution and incorrect access control when using
CVE-2018-15750 Directory traversal vulnerability when using salt-api. Allows an attacker to determine what files exist on a server when querying /run or /events.
Credit and thanks for discovery and responsible disclosure: nullbr4in, xcuter, koredge, loupos, blackcon, Naver Business Platform
New win_snmp behavior
=====================

2
doc/topics/releases/2018.3.3.rst
View file

@ -50,6 +50,8 @@ CVE-2018-15751 Remote command execution and incorrect access control when using
CVE-2018-15750 Directory traversal vulnerability when using salt-api. Allows an attacker to determine what files exist on a server when querying /run or /events.
Credit and thanks for discovery and responsible disclosure: nullbr4in, xcuter, koredge, loupos, blackcon, Naver Business Platform
Changes to win_timezone
=======================