3
0
Fork 0
forked from mirrors/nixpkgs
nixpkgs/pkgs/tools/admin
Graham Christensen 379144f54b
salt: 2016.3.3 -> 2016.11.2 for multiple CVEs
From the Arch Linux advisory:

- CVE-2017-5192 (arbitrary code execution): The
  `LocalClient.cmd_batch()` method client does not accept
  `external_auth` credentials and so access to it from salt-api has
  been removed for now. This vulnerability allows code execution for
  already- authenticated users and is only in effect when running
  salt-api as the `root` user.

- CVE-2017-5200 (arbitrary command execution): Salt-api allows
  arbitrary command execution on a salt-master via Salt's ssh_client.
  Users of Salt-API and salt-ssh could execute a command on the salt
  master via a hole when both systems were enabled.
2017-02-08 21:24:10 -05:00
..
analog
awslogs awslogs: init at 0.7 2016-12-06 10:56:54 +01:00
certbot certbot: 0.6.0 -> 0.9.3 2016-12-21 12:04:56 +01:00
cli53 cli53: use python2 2016-10-18 23:16:07 +02:00
daemontools treewide: Use explicit 'dev' references to glibc 2016-08-30 03:11:09 +03:00
dehydrated Added package for dehydrated. (#19651) 2016-10-20 13:32:05 +02:00
google-cloud-sdk google-cloud-sdk: 134.0.0 -> 138.0.0 2016-12-19 09:05:45 +01:00
gtk-vnc gtk-vnc: 0.5.3 -> 0.6.0 2016-10-01 17:14:31 +02:00
lxd buildGoPackage: deps.json -> deps.nix in NIXON 2016-09-16 00:04:55 +01:00
nxproxy
salt salt: 2016.3.3 -> 2016.11.2 for multiple CVEs 2017-02-08 21:24:10 -05:00
sec
simp_le simp_le: switch to zenhack/simp_le 2016-12-21 12:11:04 +01:00
tigervnc tigervnc: 1.7.0 -> 1.7.1 for CVE-2017-5581 2017-02-03 07:34:25 -05:00
tightvnc