File _patchinfo of Package patchinfo.31024

<patchinfo incident="31024">
  <issue tracker="bnc" id="1213518">SUSE Manager Server 4.3: SLSPATH / TPLPATH variable in Salt broken after updating to salt-3006</issue>
  <issue tracker="bnc" id="1213293">Highstate fails on SLE Micro 5.4 - AttributeError: 'str' object has no attribute 'get'</issue>
  <issue tracker="bnc" id="1214477">Salt key auto acceptance based on grains seems to fail with numeric values or boolean values</issue>
  <issue tracker="bnc" id="1215157">VUL-0: salt: arbitrary code execution via symlink attack</issue>
  <issue tracker="cve" id="2023-34049"/>
  <issue tracker="ijsc" id="MSQA-706"/>
  <packager>PSuarezHernandez</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for salt</summary>
  <description>This update for salt fixes the following issues:

Security issues fixed:

- CVE-2023-34049: arbitrary code execution via symlink attack (bsc#1215157)

Bugs fixed:

- Fix optimization_order opt to prevent testsuite fails
- Improve salt.utils.json.find_json to avoid fails (bsc#1213293)
- Use salt-call from salt bundle with transactional_update
- Only call native_str on curl_debug message in tornado when needed
- Implement the calling for batch async from the salt CLI
- Fix calculation of SLS context vars when trailing dots
  on targetted sls/state (bsc#1213518)
- Rename salt-tests to python3-salt-testsuite
- CVE-2023-34049: arbitrary code execution via symlink attack (bsc#1215157)
- Allow all primitive grain types for autosign_grains (bsc#1214477)
</description>
  <zypp_restart_needed/>
</patchinfo>