Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > linux.debian.security > #6258
| From | Bastien Roucariès <rouca@debian.org> |
|---|---|
| Newsgroups | linux.debian.security |
| Subject | Re: SALT |
| Date | 2023-09-30 16:10 +0200 |
| Message-ID | <HjIPn-cAPI-3@gated-at.bofh.it> (permalink) |
| References | <HjIPn-cAPI-5@gated-at.bofh.it> |
| Organization | linux.* mail to news gateway |
[Multipart message — attachments visible in raw view] - view raw
Le jeudi 28 septembre 2023, 22:46:41 UTC Bastien Roucariès a écrit : Hi, An update > Hi > > I am trying to fix the CVE for SALT Salt need to be updated due to a failure on the custom crypto protocol what was broken. Both server and client need to be updated due to protocol change. > > Unfortunatly this will need a backport of salt 3002.9 that in turn need: > python3-saltfactories >= 0.907 (that need python3-setuptools (>= 50.3.2), python3-setuptools-scm (>= 3.4) to be investigated) > python3-attr (>= 19.1) > > I believe the first one used only for test could be solved > > For the second one, I think we should not update due to reverse depends > > What is the usual guidance in this case ? Can we embed (python3-venv) the python3-attr package ? > > Is it worthwhile ? Can I have a piece of advice from security team ? moreover it seems salt on other distro is EOL or not updated. Bastien > > Bastien > > [1] > Package: automat > Package: black > Package: cfgrib > Package: dhcpcanon > Package: fiona > Package: magic-wormhole > Package: magic-wormhole-mailbox-server > Package: pytest > Package: python-hypothesis > Package: python-service-identity > Package: python-treq > Package: python-zeep > Package: rasterio > Package: ufolib2 >
Back to linux.debian.security | Previous | Next | Find similar
Re: SALT Bastien Roucariès <rouca@debian.org> - 2023-09-30 16:10 +0200
csiph-web