From 27a14d6b1081e07a9168279e086f409a0425fe39 Mon Sep 17 00:00:00 2001 From: Markus Koschany Date: Fri, 19 Nov 2021 12:09:17 +0100 Subject: Mark Buster issues in Salt as fixed in version 2018.3.4+dfsg1-6+deb10u3 --- data/CVE/list | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/data/CVE/list b/data/CVE/list index bfd33d5186..e05b0198e2 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -33216,6 +33216,7 @@ CVE-2021-31608 CVE-2021-31607 (In SaltStack Salt 2016.9 through 3002.6, a command injection vulnerabi ...) {DLA-2815-1} - salt 3002.6+dfsg1-2 (bug #987496) + [buster] - salt 2018.3.4+dfsg1-6+deb10u3 NOTE: https://sec.stealthcopter.com/saltstack-snapper-minion-privledge-escaltion/ CVE-2021-31606 (furlongm openvpn-monitor through 1.1.3 allows Authorization Bypass to ...) NOT-FOR-US: openvpn-monitor @@ -48285,6 +48286,7 @@ CVE-2019-25015 (LuCI in OpenWrt 18.06.0 through 18.06.4 allows stored XSS via a CVE-2021-3197 (An issue was discovered in SaltStack Salt before 3002.5. The salt-api' ...) {DLA-2815-1} - salt 3002.5+dfsg1-1 (bug #983632) + [buster] - salt 2018.3.4+dfsg1-6+deb10u3 NOTE: https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/ CVE-2021-3196 (An issue was discovered in Hitachi ID Bravura Security Fabric 11.0.0 t ...) NOT-FOR-US: Hitachi ID Bravura Security Fabric @@ -49276,18 +49278,22 @@ CVE-2021-25285 CVE-2021-25284 (An issue was discovered in through SaltStack Salt before 3002.5. salt. ...) {DLA-2815-1} - salt 3002.5+dfsg1-1 (bug #983632) + [buster] - salt 2018.3.4+dfsg1-6+deb10u3 NOTE: https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/ CVE-2021-25283 (An issue was discovered in through SaltStack Salt before 3002.5. The j ...) {DLA-2815-1} - salt 3002.5+dfsg1-1 (bug #983632) + [buster] - salt 2018.3.4+dfsg1-6+deb10u3 NOTE: https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/ CVE-2021-25282 (An issue was discovered in through SaltStack Salt before 3002.5. The s ...) {DLA-2815-1} - salt 3002.5+dfsg1-1 (bug #983632) + [buster] - salt 2018.3.4+dfsg1-6+deb10u3 NOTE: https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/ CVE-2021-25281 (An issue was discovered in through SaltStack Salt before 3002.5. salt- ...) {DLA-2815-1} - salt 3002.5+dfsg1-1 (bug #983632) + [buster] - salt 2018.3.4+dfsg1-6+deb10u3 NOTE: https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/ CVE-2021-XXXX [SQL Server LIMIT / OFFSET SQL Injection] - php-laravel-framework 6.20.14+dfsg-2 (bug #987831) @@ -49540,6 +49546,7 @@ CVE-2021-3149 (On Netshield NANO 25 10.2.18 devices, /usr/local/webmin/System/ma CVE-2021-3148 (An issue was discovered in SaltStack Salt before 3002.5. Sending craft ...) {DLA-2815-1} - salt 3002.5+dfsg1-1 (bug #983632) + [buster] - salt 2018.3.4+dfsg1-6+deb10u3 NOTE: https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/ CVE-2021-3147 RESERVED @@ -51729,6 +51736,7 @@ CVE-2021-3145 (In Ionic Identity Vault before 5, a local root attacker on an And CVE-2021-3144 (In SaltStack Salt before 3002.5, eauth tokens can be used once after e ...) {DLA-2815-1} - salt 3002.5+dfsg1-1 (bug #983632) + [buster] - salt 2018.3.4+dfsg1-6+deb10u3 NOTE: https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/ CVE-2021-3143 RESERVED @@ -59279,6 +59287,7 @@ CVE-2020-35663 CVE-2020-35662 (In SaltStack Salt before 3002.5, when authenticating to services using ...) {DLA-2815-1} - salt 3002.5+dfsg1-1 (bug #983632) + [buster] - salt 2018.3.4+dfsg1-6+deb10u3 NOTE: https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/ CVE-2020-35661 RESERVED @@ -67939,6 +67948,7 @@ CVE-2020-28973 (The ABUS Secvest wireless alarm system FUAA50000 (v3.01.17) fail CVE-2020-28972 (In SaltStack Salt before 3002.5, authentication to VMware vcenter, vsp ...) {DLA-2815-1} - salt 3002.5+dfsg1-1 (bug #983632) + [buster] - salt 2018.3.4+dfsg1-6+deb10u3 NOTE: https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/ CVE-2020-26235 (In Rust time crate from version 0.2.7 and before version 0.2.23, unix- ...) - rust-time (Vulnerable methods introduced in v0.2.7) @@ -72456,6 +72466,7 @@ CVE-2020-28244 CVE-2020-28243 (An issue was discovered in SaltStack Salt before 3002.5. The minion's ...) {DLA-2815-1} - salt 3002.5+dfsg1-1 (bug #983632) + [buster] - salt 2018.3.4+dfsg1-6+deb10u3 NOTE: https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/ CVE-2020-28242 (An issue was discovered in Asterisk Open Source 13.x before 13.37.1, 1 ...) - asterisk 1:16.15.0~dfsg-1 (bug #974713) -- cgit v1.2.3