info
Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Re: SALT
0 views
Skip to first unread message
Bastien Roucariès
Sep 30, 2023, 10:10:04 AM9/30/23
to
Le jeudi 28 septembre 2023, 22:46:41 UTC Bastien Roucariès a écrit :
Hi,
An update
> Hi
>
> I am trying to fix the CVE for SALT
Salt need to be updated due to a failure on the custom crypto protocol what was broken. Both server and client need to be updated due to protocol change.
>
> Unfortunatly this will need a backport of salt 3002.9 that in turn need:
> python3-saltfactories >= 0.907 (that need python3-setuptools (>= 50.3.2), python3-setuptools-scm (>= 3.4) to be investigated)
> python3-attr (>= 19.1)
>
> I believe the first one used only for test could be solved
>
> For the second one, I think we should not update due to reverse depends
>
> What is the usual guidance in this case ? Can we embed (python3-venv) the python3-attr package ?
>
> Is it worthwhile ?
Can I have a piece of advice from security team ?
moreover it seems salt on other distro is EOL or not updated.
Bastien
>
> Bastien
>
> [1]
> Package: automat
> Package: black
> Package: cfgrib
> Package: dhcpcanon
> Package: fiona
> Package: magic-wormhole
> Package: magic-wormhole-mailbox-server
> Package: pytest
> Package: python-hypothesis
> Package: python-service-identity
> Package: python-treq
> Package: python-zeep
> Package: rasterio
> Package: ufolib2
>
Hi,
An update
> Hi
>
> I am trying to fix the CVE for SALT
Salt need to be updated due to a failure on the custom crypto protocol what was broken. Both server and client need to be updated due to protocol change.
>
> Unfortunatly this will need a backport of salt 3002.9 that in turn need:
> python3-saltfactories >= 0.907 (that need python3-setuptools (>= 50.3.2), python3-setuptools-scm (>= 3.4) to be investigated)
> python3-attr (>= 19.1)
>
> I believe the first one used only for test could be solved
>
> For the second one, I think we should not update due to reverse depends
>
> What is the usual guidance in this case ? Can we embed (python3-venv) the python3-attr package ?
>
> Is it worthwhile ?
Can I have a piece of advice from security team ?
moreover it seems salt on other distro is EOL or not updated.
Bastien
>
> Bastien
>
> [1]
> Package: automat
> Package: black
> Package: cfgrib
> Package: dhcpcanon
> Package: fiona
> Package: magic-wormhole
> Package: magic-wormhole-mailbox-server
> Package: pytest
> Package: python-hypothesis
> Package: python-service-identity
> Package: python-treq
> Package: python-zeep
> Package: rasterio
> Package: ufolib2
>
0 new messages