[Bug 200172] sysutils/py-salt: Multiple security vulnerabilities

Sat May 16 00:20:25 UTC 2015

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=200172

jason.unovitch at gmail.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |jason.unovitch at gmail.com

--- Comment #4 from jason.unovitch at gmail.com ---
Created attachment 156815
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=156815&action=edit
Patch for security/vuxml update for Salt 2015.5.0

TESTING:

#
# After patching
#

root at xts-bsd:/usr/ports/security/vuxml # make validate                         
                                             [55/1947]
/bin/sh /usr/ports/security/vuxml/files/tidy.sh
"/usr/ports/security/vuxml/files/tidy.xsl" "/usr/ports/security/vuxml/vuln.xml"
> "/us
r/ports/security/vuxml/vuln.xml.tidy"
>>> Validating...
/usr/local/bin/xmllint --valid --noout /usr/ports/security/vuxml/vuln.xml
>>> Successful.
Checking if tidy differs...
... seems okay
Checking for space/tab...
... seems okay
/usr/local/bin/python2.7 /usr/ports/security/vuxml/files/extra-validation.py

#
# After copy to /var/db/pkg/vuxml.xml on vulnerable saltmaster
#

root at saltmaster:~ # pkg audit
py27-salt-2014.7.5 is vulnerable:
py-salt -- potential shell injection vulnerabilities
WWW: http://vuxml.FreeBSD.org/freebsd/865863af-fb5e-11e4-8fda-002590263bf5.html

1 problem(s) in the installed packages found.

-- 
You are receiving this mail because:
You are the assignee for the bug.