Request 1198678: Submit venv-salt-minion - openSUSE Build Service

Overview

Request 1198678 accepted

- Security updates on Python 3.11 interpreter:
* Fix quadratic complexity in parsing -quoted cookie values with
backslashes (bsc#1229873, bsc#1230059, CVE-2024-7592).
* Prevent malformed payload to cause infinite loops in zipfile.Path
(bsc#1229704, bsc#1230058, CVE-2024-8088).
* Prevent email header injection due to unquoted newlines
(bsc#1228780, CVE-2024-6923).
* Rearranging definition of private global IP addresses
(bsc#1226448, CVE-2024-4032).
* gh-114572: ssl.SSLContext.cert_store_stats() and
ssl.SSLContext.get_ca_certs() now correctly lock access to the
certificate store, when the ssl.SSLContext is shared across
multiple threads (bsc#1226447, CVE-2024-0397).
- Security updates on Python dependencies:
* zipp: Add patch CVE-2024-5569.patch from upstream gh#jaraco/zipp@fd604bd34f03
(bsc#1227547, CVE-2024-5569, bsc#1229996).
* setuptools: Sanitize any VCS URL we download
(CVE-2024-6345, bsc#1228105, bsc#1229995).
* idna: Add CVE-2024-3651.patch, backported from upstream commit
gh#kjd/idna#172/commits/5beb28b9dd77912c0dd656d8b0fdba3eb80222e7
(bsc#1222842, bsc#1229994, CVE-2024-3651).
* urllib3: Added the ``Proxy-Authorization`` header to the list of headers
to strip from requests when redirecting to a different host
(bsc#1226469, bsc#1229654, CVE-2024-37891).

Created by PSuarezHernandez 2 months ago
In state accepted

Submit venv-salt-minion

Comments for request 1198678 1

Alexander Graul (agraul) - 2 months ago

LGTM, let's wait for Marina to review the changelog as well

Login required, please login in order to comment

Request History

PSuarezHernandez created request 2 months ago

- Security updates on Python 3.11 interpreter:
* Fix quadratic complexity in parsing -quoted cookie values with
backslashes (bsc#1229873, bsc#1230059, CVE-2024-7592).
* Prevent malformed payload to cause infinite loops in zipfile.Path
(bsc#1229704, bsc#1230058, CVE-2024-8088).
* Prevent email header injection due to unquoted newlines
(bsc#1228780, CVE-2024-6923).
* Rearranging definition of private global IP addresses
(bsc#1226448, CVE-2024-4032).
* gh-114572: ssl.SSLContext.cert_store_stats() and
ssl.SSLContext.get_ca_certs() now correctly lock access to the
certificate store, when the ssl.SSLContext is shared across
multiple threads (bsc#1226447, CVE-2024-0397).
- Security updates on Python dependencies:
* zipp: Add patch CVE-2024-5569.patch from upstream gh#jaraco/zipp@fd604bd34f03
(bsc#1227547, CVE-2024-5569, bsc#1229996).
* setuptools: Sanitize any VCS URL we download
(CVE-2024-6345, bsc#1228105, bsc#1229995).
* idna: Add CVE-2024-3651.patch, backported from upstream commit
gh#kjd/idna#172/commits/5beb28b9dd77912c0dd656d8b0fdba3eb80222e7
(bsc#1222842, bsc#1229994, CVE-2024-3651).
* urllib3: Added the ``Proxy-Authorization`` header to the list of headers
to strip from requests when redirecting to a different host
(bsc#1226469, bsc#1229654, CVE-2024-37891).

agraul added deneb_alpha as a reviewer 2 months ago

deneb_alpha accepted review 2 months ago

LGTM! thanks

deneb_alpha approved review 2 months ago

LGTM! thanks

agraul accepted request 2 months ago

openSUSE Build Service is sponsored by