Le jeudi 28 septembre 2023, 22:46:41 UTC Bastien Roucariès a écrit : Hi, An update > Hi > > I am trying to fix the CVE for SALT
Salt need to be updated due to a failure on the custom crypto protocol what was broken. Both server and client need to be updated due to protocol change. > > Unfortunatly this will need a backport of salt 3002.9 that in turn need: > python3-saltfactories >= 0.907 (that need python3-setuptools (>= 50.3.2), > python3-setuptools-scm (>= 3.4) to be investigated) > python3-attr (>= 19.1) > > I believe the first one used only for test could be solved > > For the second one, I think we should not update due to reverse depends > > What is the usual guidance in this case ? Can we embed (python3-venv) the > python3-attr package ? > > Is it worthwhile ? Can I have a piece of advice from security team ? moreover it seems salt on other distro is EOL or not updated. Bastien > > Bastien > > [1] > Package: automat > Package: black > Package: cfgrib > Package: dhcpcanon > Package: fiona > Package: magic-wormhole > Package: magic-wormhole-mailbox-server > Package: pytest > Package: python-hypothesis > Package: python-service-identity > Package: python-treq > Package: python-zeep > Package: rasterio > Package: ufolib2 >
signature.asc
Description: This is a digitally signed message part.