Le jeudi 28 septembre 2023, 22:46:41 UTC Bastien Roucariès a écrit :
Hi,
An update
Hi
I am trying to fix the CVE for SALT
Salt need to be updated due to a failure on the custom crypto protocol what was broken. Both server and client need to be updated due to protocol change.
Unfortunatly this will need a backport of salt 3002.9 that in turn need: python3-saltfactories >= 0.907 (that need python3-setuptools (>= 50.3.2), python3-setuptools-scm (>= 3.4) to be investigated)
python3-attr (>= 19.1)
I believe the first one used only for test could be solved
For the second one, I think we should not update due to reverse depends
What is the usual guidance in this case ? Can we embed (python3-venv) the python3-attr package ?
Is it worthwhile ?
Can I have a piece of advice from security team ?
moreover it seems salt on other distro is EOL or not updated.
Bastien
Bastien
[1]
Package: automat
Package: black
Package: cfgrib
Package: dhcpcanon
Package: fiona
Package: magic-wormhole
Package: magic-wormhole-mailbox-server
Package: pytest
Package: python-hypothesis
Package: python-service-identity
Package: python-treq
Package: python-zeep
Package: rasterio
Package: ufolib2
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAmUYK8cACgkQADoaLapB CF/1eQ/+MMr1ziuJAv7qP0WIu16+Qzd+FWiM+PvUw6GhMs6sRiORu/49V9pnk+Q/ 2+t3AZAe/sMPlrso7Bi0VMyOuj30U+Hg6CGuClwUE/fZGrb6a8SsCqGtOCOMVHzR f7w8/BLixSSs9rO/EOP5gVs/Ez8l+Sl4UprUv69I+a5rsiR8kM4tG2ypqr0FQkYi 6n4Q8ENb7L5PxL0YIiJd62tVJiK1cBcM+AOlJ9BvVdDElptiq2+1plgXDDNk3Znw u7owRkRhTPmZD1VPlQnrajt/ik8n7TDSe9c7Uy7UTZcOKEovxT3CKDxWsDyAsune crE5jhS1AhLhEjUTLstV0gpERyVU/ctGpI84ROO/3HpuNE6jZboHBryeE/aYc65j i+n5WTim0Oi+Z2Gk1LCo9gjHFZzsMP43aF7JrkDSONJ/qn2pFWz30oJD0u61teXm u15iWxRkpr1jniXivDcy0Pbe1gn+D+lV+WpLGBXMjIHYJA8m0Eo2RERc1YE/cWGU 2UoQKFTQ0NcEbvHGY3BaW1S8rD4HNCxvRVdcBOs/ZtRNn5MXlwxDoWg4uxFn7KAA xhHxljCGOpHs/s3/56PW5MRkl6C1k9nioo5rVJK24bVmZliJnD72GR9T4TFOBe+0 MSHey4O2x83x2DtJQPKAYYQbC/ZC+9BJTPpUQqVsHlVm6uZExtA=
=kiVa
-----END PGP SIGNATURE-----
--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)