Overview

Request 1143454 accepted

- Prevent directory traversal when creating syndic cache directory
on the master (CVE-2024-22231, bsc#1219430)
- Prevent directory traversal attacks in the master's serve_file
method (CVE-2024-22232, bsc#1219431)
- Added:
* fix-cve-2024-22231-and-cve-2024-22232-bsc-1219430-bs.patch


Ana Guerrero:
Requires:       python3-boto
Requires:       python3-boto3

There is python-boto3 in Factory but not python-boto.


Ana Guerrero:

Hi @PSuarezHernandez, this SR has the same issue as declined SR#1120052:

This can't be accepted as it is. With the rename of salt-tests to python3-salt-testsuite a bunch of Requires have been added (see list below) and they would need to be added to Ring1. Is it possible to relax these requirements?

list:

can't install python3-salt-testsuite-3006.0-1.1.x86_64:
nothing provides python3-boto needed by python3-salt-testsuite-3006.0.x86_64
nothing provides python3-docker needed by python3-salt-testsuite-3006.0.x86_64
nothing provides python3-mock needed by python3-salt-testsuite-3006.0.x86_64
nothing provides python3-pygit2 needed by python3-salt-testsuite-3006.0.x86_64
nothing provides python3-testinfra needed by python3-salt-testsuite-3006.0.x86_64
nothing provides python3-yamllint needed by python3-salt-testsuite-3006.0.x86_64
nothing provides python3-pytest-salt-factories >= 1.0.0~rc21 needed by python3-salt-testsuite-3006.0.x86_64


Ana Guerrero:

@mczernek @PSuarezHernandez, this SR has the same issue as declined SR#1120052 (and a few others) and can't be accepted. With the rename of salt-tests to python3-salt-testsuite a bunch of Requires have been added (see list below) and they would need to be added to Ring1. Is it possible to relax these requirements?

can't install python3-salt-testsuite-3006.0-1.1.x86_64:
nothing provides python3-boto needed by python3-salt-testsuite-3006.0.x86_64
nothing provides python3-docker needed by python3-salt-testsuite-3006.0.x86_64
nothing provides python3-mock needed by python3-salt-testsuite-3006.0.x86_64
nothing provides python3-pygit2 needed by python3-salt-testsuite-3006.0.x86_64
nothing provides python3-testinfra needed by python3-salt-testsuite-3006.0.x86_64
nothing provides python3-yamllint needed by python3-salt-testsuite-3006.0.x86_64
nothing provides python3-pytest-salt-factories >= 1.0.0~rc21 needed by python3-salt-testsuite-3006.0.x86_64

Request History

Pablo Suárez Hernández

PSuarezHernandez created request

- Prevent directory traversal when creating syndic cache directory
on the master (CVE-2024-22231, bsc#1219430)
- Prevent directory traversal attacks in the master's serve_file
method (CVE-2024-22232, bsc#1219431)
- Added:
* fix-cve-2024-22231-and-cve-2024-22232-bsc-1219430-bs.patch


Factory Auto

factory-auto added opensuse-review-team as a reviewer

Please review sources


Factory Auto

factory-auto accepted review

Check script succeeded


Saul Goodman

licensedigger accepted review

ok


Marcus Rueckert

darix accepted review

Accepted review for by_group opensuse-review-team request 1143454 from user factory-auto


Ana Guerrero

anag+factory set openSUSE:Factory:Staging:J as a staging project

Being evaluated by staging project "openSUSE:Factory:Staging:J"


Ana Guerrero

anag+factory accepted review

Picked "openSUSE:Factory:Staging:J"


Ana Guerrero

anag+factory accepted review

Staging Project openSUSE:Factory:Staging:J got accepted.


Ana Guerrero

anag+factory approved review

Staging Project openSUSE:Factory:Staging:J got accepted.


Ana Guerrero

anag+factory accepted request

Staging Project openSUSE:Factory:Staging:J got accepted.
