Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > linux.debian.security > #6258
| Path | csiph.com!fu-berlin.de!bofh.it!news.nic.it!robomod |
|---|---|
| From | Bastien Roucariès <rouca@debian.org> |
| Newsgroups | linux.debian.security |
| Subject | Re: SALT |
| Date | Sat, 30 Sep 2023 16:10:01 +0200 |
| Message-ID | <HjIPn-cAPI-3@gated-at.bofh.it> (permalink) |
| References | <HjIPn-cAPI-5@gated-at.bofh.it> |
| X-Mailbox-Line | From debian-security-request@lists.debian.org Sat Sep 30 14:08:46 2023 |
| Old-Return-Path | <rouca@debian.org> |
| X-Amavis-Spam-Status | No, score=-114.41 tagged_above=-10000 required=5.3 tests=[BAYES_00=-2, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FOURLA=0.1, LDO_WHITELIST=-5, PGPSIGNATURE=-5, RCVD_IN_DNSWL_MED=-2.3, UNPARSEABLE_RELAY=0.001, USER_IN_DKIM_WELCOMELIST=-0.01, USER_IN_DKIM_WHITELIST=-100] autolearn=ham autolearn_force=no |
| MIME-Version | 1.0 |
| Content-Type | multipart/signed; boundary="nextPart19586046.FGsivgFyH8"; micalg="pgp-sha512"; protocol="application/pgp-signature" |
| X-Debian-User | rouca |
| X-Mailing-List | <debian-security@lists.debian.org> archive/latest/29431 |
| List-ID | <debian-security.lists.debian.org> |
| List-URL | <https://lists.debian.org/debian-security/> |
| List-Archive | https://lists.debian.org/msgid-search/33490645.2EqoDJRYxZ@portable-bastien |
| Approved | robomod@news.nic.it |
| Lines | 88 |
| Organization | linux.* mail to news gateway |
| Sender | robomod@news.nic.it |
| X-Original-Cc | Bastien Roucariès <rouca@debian.org>, debian-security@lists.debian.org |
| X-Original-Date | Sat, 30 Sep 2023 14:08:22 +0000 |
| X-Original-Message-ID | <33490645.2EqoDJRYxZ@portable-bastien> |
| X-Original-References | <3460354.qppG2iM8jm@portable-bastien> |
| Xref | csiph.com linux.debian.security:6258 |
Show key headers only | View raw
[Multipart message — attachments visible in raw view] - view raw
Le jeudi 28 septembre 2023, 22:46:41 UTC Bastien Roucariès a écrit : Hi, An update > Hi > > I am trying to fix the CVE for SALT Salt need to be updated due to a failure on the custom crypto protocol what was broken. Both server and client need to be updated due to protocol change. > > Unfortunatly this will need a backport of salt 3002.9 that in turn need: > python3-saltfactories >= 0.907 (that need python3-setuptools (>= 50.3.2), python3-setuptools-scm (>= 3.4) to be investigated) > python3-attr (>= 19.1) > > I believe the first one used only for test could be solved > > For the second one, I think we should not update due to reverse depends > > What is the usual guidance in this case ? Can we embed (python3-venv) the python3-attr package ? > > Is it worthwhile ? Can I have a piece of advice from security team ? moreover it seems salt on other distro is EOL or not updated. Bastien > > Bastien > > [1] > Package: automat > Package: black > Package: cfgrib > Package: dhcpcanon > Package: fiona > Package: magic-wormhole > Package: magic-wormhole-mailbox-server > Package: pytest > Package: python-hypothesis > Package: python-service-identity > Package: python-treq > Package: python-zeep > Package: rasterio > Package: ufolib2 >
Back to linux.debian.security | Previous | Next | Find similar
Re: SALT Bastien Roucariès <rouca@debian.org> - 2023-09-30 16:10 +0200
csiph-web