oss-sec mailing list archives

Re: SaltStack 2014.1.10 released

From: gremlin () gremlin ru
Date: Thu, 21 Aug 2014 21:13:05 +0400

On 21-Aug-2014 20:44:19 +0400, I wrote:

Did anyone else have this message fail to render in their email
client (I get a blank panel with the .sig attachment at the
bottom using Thunderbird/Enigmail/Fedora).

I use mutt, and it tells me everything is ok:
http://pics.rsh.ru/img/kurt_signature_in_mutt_bgxvgqe3.png


I had to read that more carefully (to be honest, messages from Kurt
were signed inline for a time)... Yes, the message from C. R. Oldham
was malformed: http://pics.rsh.ru/img/cr_bad_message_sz46z1tq.png

Here's raw message data, including significant headers:

X-Mailer: Airmail Beta (250)
MIME-Version: 1.0
Content-Type: multipart/signed;
 boundary="78CE6B75-3942-4514-B1F6-81C3B83FC90E";
 protocol="application/pgp-signature"; micalg=pgp-sha512
Content-Disposition: inline
Subject: [oss-security] SaltStack 2014.1.10 released
Status: RO
Content-Length: 1416
Lines: 39


http://docs.saltstack.com/en/latest/topics/releases/2014.1.10.html =20

The sources are available on pypi: =20

https://pypi.python.org/pypi/salt/2014.1.10 =20

Salt 2014.1.10 fixes security issues documented by CVE-2014-3563: =22Inse=
cure tmp-file creation in seed.py, salt-ssh, and salt-cloud.=22 Upgrading=
 is recommended. =20


-- =20
C. R. Oldham, Platform Engineer, SaltStack
cr=40saltstack.com


--78CE6B75-3942-4514-B1F6-81C3B83FC90E
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename=signature.asc
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: Message signed with OpenPGP using AMPGpg

-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org

...

-----END PGP SIGNATURE-----

--78CE6B75-3942-4514-B1F6-81C3B83FC90E--



-- 
Alexey V. Vissarionov aka Gremlin from Kremlin <gremlin ПРИ gremlin ТЧК ru>
GPG: 8832FE9FA791F7968AC96E4E909DAC45EF3B1FA8 @ hkp://keys.gnupg.net

Attachment: _bin
Description:

Current thread:

SaltStack 2014.1.10 released C. R. Oldham (Aug 21)
- Re: SaltStack 2014.1.10 released Kurt Seifried (Aug 21)
  - Re: SaltStack 2014.1.10 released gremlin (Aug 21)
    - Re: SaltStack 2014.1.10 released Aaron Toponce (Aug 21)
    - Re: SaltStack 2014.1.10 released gremlin (Aug 21)
  - Re: SaltStack 2014.1.10 released Kurt Seifried (Aug 21)
    - Re: SaltStack 2014.1.10 released Kristian Fiskerstrand (Aug 21)
    - Re: SaltStack 2014.1.10 released Phil Pennock (Aug 21)
  - Re: SaltStack 2014.1.10 released Nick Boyce (Aug 21)
  - Re: SaltStack 2014.1.10 released Rylee Fowler (Aug 21)