Overview

Request 1143341 accepted

- Prevent directory traversal when creating syndic cache directory
on the master (CVE-2024-22231, bsc#1219430)
- Prevent directory traversal attacks in the master's serve_file
method (CVE-2024-22232, bsc#1219431)
- Added:
* fix-cve-2024-22231-and-cve-2024-22232-bsc-1219430-bs.patch

- Prevent exceptions with fileserver.update when called via state (bsc#1218482)
- Added:
* allow-kwargs-for-fileserver-roots-update-bsc-1218482.patch

- Improve pip target override condition with VENV_PIP_TARGET
environment variable (bsc#1216850)
- Fixed KeyError in logs when running a state that fails
- Added:
* fixed-keyerror-in-logs-when-running-a-state-that-fai.patch
* improve-pip-target-override-condition-with-venv_pip_.patch

Request History
Pablo Suárez Hernández's avatar

PSuarezHernandez created request

- Prevent directory traversal when creating syndic cache directory
on the master (CVE-2024-22231, bsc#1219430)
- Prevent directory traversal attacks in the master's serve_file
method (CVE-2024-22232, bsc#1219431)
- Added:
* fix-cve-2024-22231-and-cve-2024-22232-bsc-1219430-bs.patch

- Prevent exceptions with fileserver.update when called via state (bsc#1218482)
- Added:
* allow-kwargs-for-fileserver-roots-update-bsc-1218482.patch

- Improve pip target override condition with VENV_PIP_TARGET
environment variable (bsc#1216850)
- Fixed KeyError in logs when running a state that fails
- Added:
* fixed-keyerror-in-logs-when-running-a-state-that-fai.patch
* improve-pip-target-override-condition-with-venv_pip_.patch


Alexander Graul's avatar

agraul accepted request

Thanks!

openSUSE Build Service is sponsored by