Bug 1289109 (CVE-2015-8034)
Summary: | CVE-2015-8034 salt: Information leak from state.sls cache data stored as world-readable | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Adam Mariš <amaris> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED WONTFIX | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | andrewniemants, carnil, ceph-eng-bugs, erik, sisharma |
Target Milestone: | --- | Keywords: | Reopened, Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | salt 2015.8.3 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2016-02-15 04:30:17 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1289110, 1289111 | ||
Bug Blocks: | 1289115 |
Description
Adam Mariš
2015-12-07 13:17:14 UTC
Created salt tracking bugs for this issue: Affects: fedora-all [bug 1289110] Affects: epel-all [bug 1289111] The 2015.5.9 builds currently in testing include this patch already. Actually, the 2015.5.8 builds in stable also include this patch, so I'm going to close this. (In reply to Erik Johnson from comment #3) > Actually, the 2015.5.8 builds in stable also include this patch, so I'm > going to close this. Please do not close CVE bugs, these bugs are supposed to be closed by Red Hat's Product Security after the issue is fixed in all its products. Thanks OK, but the issue *is* fixed. 2015.5.8 is in stable. What is the path to getting this issue closed, then, since I didn't add the bug number when I submitted the 2015.5.8 builds to bodhi? I did add this bug to the 2015.5.9 builds of Salt currently in testing, before I realized that the issue was already resolved in 2015.5.8. salt-2015.5.9-2.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report. |