File _patchinfo of Package patchinfo.32228
<patchinfo incident="32228">
<issue tracker="ijsc" id="MSQA-719"/>
<issue tracker="bnc" id="1211649">L3: Salt-ssh environment: ssh-minion-action-executor stuck</issue>
<issue tracker="bnc" id="1216284">After update to 4.3.8 salt command returns Authentication failure of type "user" occurred</issue>
<issue tracker="bnc" id="1193948">Issue with salt and gitfs and multienvironment with salt pillars</issue>
<issue tracker="bnc" id="1215963">System onboarding failing with Minion is down or could not be contacted.</issue>
<issue tracker="bnc" id="1219430">VUL-0: CVE-2024-22231: salt: Syndic cache directory creation is vulnerable to a directory traversal attack.</issue>
<issue tracker="bnc" id="1219431">VUL-0: CVE-2024-22232: salt: A specially crafted url can be created which leads to a directory traversal in the salt file server.</issue>
<issue tracker="cve" id="2024-22231"/>
<issue tracker="cve" id="2024-22232"/>
<packager>agraul</packager>
<rating>important</rating>
<category>security</category>
<summary>Security update for salt</summary>
<description>This update for salt fixes the following issues:

Security issues fixed:

- CVE-2024-22231: Prevent directory traversal when creating syndic cache directory
  on the master (bsc#1219430)
- CVE-2024-22232: Prevent directory traversal attacks in the master's serve_file
  method (bsc#1219431)

Bugs fixed:

- Ensure that pillar refresh loads beacons from pillar without restart
- Fix the aptpkg.py unit test failure
- Prefer unittest.mock to python-mock in test suite
- Enable "KeepAlive" probes for Salt SSH executions (bsc#1211649)
- Revert changes to set Salt configured user early in the stack (bsc#1216284)
- Align behavior of some modules when using salt-call via symlink (bsc#1215963)
- Fix gitfs "__env__" and improve cache cleaning (bsc#1193948)
- Remove python-boto dependency for the python3-salt-testsuite package for Tumbleweed
</description>
<zypp_restart_needed/>
</patchinfo>