From: Bastien Roucariès
Newsgroups: linux.debian.security
Subject: Re: SALT
Date: Sat, 30 Sep 2023 16:10:01 +0200
List-Archive: https://lists.debian.org/msgid-search/33490645.2EqoDJRYxZ@portable-bastien

On Thursday 28 September 2023, 22:46:41 UTC, Bastien Roucariès wrote:

Hi,

An update

> Hi
>
> I am trying to fix the CVE for SALT. Salt needs to be updated due to a failure on the custom crypto protocol that was broken. Both server and client need to be updated due to protocol change.
>
> Unfortunately this will need a backport of salt 3002.9 that in turn needs:
> python3-saltfactories >= 0.907 (that need python3-setuptools (>= 50.3.2), python3-setuptools-scm (>= 3.4) to be investigated)
> python3-attr (>= 19.1)
>
> I believe the first one, used only for test, could be solved
>
> For the second one, I think we should not update due to reverse depends
>
> What is the usual guidance in this case? Can we embed (python3-venv) the python3-attr package?
>
> Is it worthwhile? Can I have a piece of advice from security team?

Moreover, it seems salt on other distro is EOL or not updated.

Bastien

>
> Bastien
>
> [1]
> Package: automat
> Package: black
> Package: cfgrib
> Package: dhcpcanon
> Package: fiona
> Package: magic-wormhole
> Package: magic-wormhole-mailbox-server
> Package: pytest
> Package: python-hypothesis
> Package: python-service-identity
> Package: python-treq
> Package: python-zeep
> Package: rasterio
> Package: ufolib2