From ff8561df8d96b8066be538d86c7fb529e7eecda5 Mon Sep 17 00:00:00 2001 From: Colton Myers Date: Wed, 15 Apr 2015 19:01:28 -0600 Subject: [PATCH] Add minor CVEs to 2014.7.4 release notes --- doc/topics/releases/2014.7.4.rst | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/doc/topics/releases/2014.7.4.rst b/doc/topics/releases/2014.7.4.rst index b9bb631aac..b7489a0f9b 100644 --- a/doc/topics/releases/2014.7.4.rst +++ b/doc/topics/releases/2014.7.4.rst @@ -2,11 +2,20 @@ Salt 2014.7.4 Release Notes =========================== -:release: TBA +:release: 2015-03-30 Version 2014.7.4 is a bugfix release for :doc:`2014.7.0 `. +This is a security release. The security issues fixed have only been present +since 2014.7.0, and only users of the two listed modules are vulnerable. The +following CVEs have been resolved: + +- CVE-2015-1838 SaltStack: insecure /tmp file handling in + salt/modules/serverdensity_device.py + +- CVE-2015-1839 SaltStack: insecure /tmp file handling in salt/modules/chef.py + Changes: - Multi-master minions mode no longer route fileclient operations asymetrically.