Merge pull request #22730 from basepi/2014.7.4releasenotes

Add minor CVEs to 2014.7.4 release notes
2024-11-08 01:18:58 +00:00 · 2015-04-15 19:02:06 -06:00 · 2015-04-15 19:02:06 -06:00 · bb37e4f3e6
commit bb37e4f3e6
parent 5a32eeb911 ff8561df8d
1 changed files with 10 additions and 1 deletions
--- a/doc/topics/releases/2014.7.4.rst
+++ b/doc/topics/releases/2014.7.4.rst
@ -2,11 +2,20 @@
 Salt 2014.7.4 Release Notes
 ===========================

-:release: TBA
+:release: 2015-03-30

 Version 2014.7.4 is a bugfix release for :doc:`2014.7.0
 </topics/releases/2014.7.0>`.

+This is a security release. The security issues fixed have only been present
+since 2014.7.0, and only users of the two listed modules are vulnerable. The
+following CVEs have been resolved:
+
+- CVE-2015-1838 SaltStack: insecure /tmp file handling in
+  salt/modules/serverdensity_device.py
+
+- CVE-2015-1839 SaltStack: insecure /tmp file handling in salt/modules/chef.py
+
 Changes:

 - Multi-master minions mode no longer route fileclient operations asymetrically.