[Bug 200172] sysutils/py-salt: Multiple security vulnerabilities
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Sat May 16 00:20:25 UTC 2015
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=200172
jason.unovitch at gmail.com changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |jason.unovitch at gmail.com
--- Comment #4 from jason.unovitch at gmail.com ---
Created attachment 156815
--> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=156815&action=edit
Patch for security/vuxml update for Salt 2015.5.0
TESTING:
#
# After patching
#
root at xts-bsd:/usr/ports/security/vuxml # make validate
[55/1947]
/bin/sh /usr/ports/security/vuxml/files/tidy.sh
"/usr/ports/security/vuxml/files/tidy.xsl" "/usr/ports/security/vuxml/vuln.xml"
> "/us
r/ports/security/vuxml/vuln.xml.tidy"
>>> Validating...
/usr/local/bin/xmllint --valid --noout /usr/ports/security/vuxml/vuln.xml
>>> Successful.
Checking if tidy differs...
... seems okay
Checking for space/tab...
... seems okay
/usr/local/bin/python2.7 /usr/ports/security/vuxml/files/extra-validation.py
#
# After copy to /var/db/pkg/vuxml.xml on vulnerable saltmaster
#
root at saltmaster:~ # pkg audit
py27-salt-2014.7.5 is vulnerable:
py-salt -- potential shell injection vulnerabilities
WWW: http://vuxml.FreeBSD.org/freebsd/865863af-fb5e-11e4-8fda-002590263bf5.html
1 problem(s) in the installed packages found.
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-ports-bugs
mailing list