Source: chef
Version: 12.3.0-2
Severity: important
Tags: security upstream
Forwarded: https://github.com/chef/chef/issues/3871
Hi,

the following vulnerability was published for chef.

CVE-2015-8559[0]:
knife bootstrap leaks validator privkey into system logs

AFAICS no fix is yet available upstream.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2015-8559
[1] https://github.com/chef/chef/issues/3871

Please adjust the affected versions in the BTS as needed.

I think this issue does not warrant a DSA, do you concur?

Regards,
Salvatore

_______________________________________________
Pkg-ruby-extras-maintainers mailing list
Pkg-ruby-extras-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-ruby-extras-maintainers

Reply via email to