Bastien Roucariès
unread,Sep 30, 2023, 10:10:04 AM9/30/23You do not have permission to delete messages in this group
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to
Le jeudi 28 septembre 2023, 22:46:41 UTC Bastien Roucariès a écrit :
Hi,
An update
> Hi
>
> I am trying to fix the CVE for SALT
Salt need to be updated due to a failure on the custom crypto protocol what was broken. Both server and client need to be updated due to protocol change.
>
> Unfortunatly this will need a backport of salt 3002.9 that in turn need:
> python3-saltfactories >= 0.907 (that need python3-setuptools (>= 50.3.2), python3-setuptools-scm (>= 3.4) to be investigated)
> python3-attr (>= 19.1)
>
> I believe the first one used only for test could be solved
>
> For the second one, I think we should not update due to reverse depends
>
> What is the usual guidance in this case ? Can we embed (python3-venv) the python3-attr package ?
>
> Is it worthwhile ?
Can I have a piece of advice from security team ?
moreover it seems salt on other distro is EOL or not updated.
Bastien
>
> Bastien
>
> [1]
> Package: automat
> Package: black
> Package: cfgrib
> Package: dhcpcanon
> Package: fiona
> Package: magic-wormhole
> Package: magic-wormhole-mailbox-server
> Package: pytest
> Package: python-hypothesis
> Package: python-service-identity
> Package: python-treq
> Package: python-zeep
> Package: rasterio
> Package: ufolib2
>