[ubuntu/jammy-proposed] salt 3004.1+dfsg-1 (Accepted)

Benjamin Drung bdrung at posteo.de
Sat Apr 16 10:40:08 UTC 2022


salt (3004.1+dfsg-1) unstable; urgency=medium

  * New upstream security/bugfix release. (Closes: #1008945)
    - Sign authentication replies to prevent MiTM (CVE-2022-22935)
    - Prevent job and fileserver replays (CVE-2022-22936)
    - Sign pillar data to prevent MiTM attacks. (CVE-2202-22934)
    - Fixed targeting bug, especially visible when using syndic and user auth.
      (CVE-2022-22941) (#60413)
    - Fix denial of service in junos ifconfig output parsing.
  * d/watch: Drop number from repack suffix
  * Refresh patches
  * Mark test_list_available_packages requiring network
  * Rely on pytest-skip-markers 1.1.0-3 that supports NO_INTERNET
  * Don't rely on importlib.metadata, it's still not ready for our usage
    (Closes: #1008896)
  * test_aptpkg.py: Fix UnboundLocalError: local variable 'test_repo'
    (Closes: #1006036)
  * Update my email address to @debian.org

Date: 2022-04-16 10:34:58.589408+00:00
Signed-By: Benjamin Drung <bdrung at posteo.de>
https://launchpad.net/ubuntu/+source/salt/3004.1+dfsg-1
-------------- next part --------------
Sorry, changesfile not available.


More information about the jammy-changes mailing list