---
- branch: MAIN
  date: Fri Feb  2 20:17:24 UTC 2024
  files:
  - new: '1.84'
    old: '1.83'
    path: pkgsrc/sysutils/salt/Makefile
    pathrev: pkgsrc/sysutils/salt/Makefile@1.84
    type: modified
  - new: '1.3'
    old: '1.2'
    path: pkgsrc/sysutils/salt/Makefile.common
    pathrev: pkgsrc/sysutils/salt/Makefile.common@1.3
    type: modified
  - new: '1.49'
    old: '1.48'
    path: pkgsrc/sysutils/salt/distinfo
    pathrev: pkgsrc/sysutils/salt/distinfo@1.49
    type: modified
  id: 20240202T201724Z.b11f3eab24172a5d18826acb38639a45577f0c8f
  log: |
    salt: updated to 3006.6

    SALT 3006.6 RELEASE NOTES

    CHANGED

    Salt no longer time bombs user installations on code using salt.utils.versions.warn_until_date

    FIXED

    Fix un-closed transport in tornado netapi

    SECURITY

    CVE-2024-22231 Prevent directory traversal when creating syndic cache directory on the master CVE-2024-22232 Prevent directory traversal attacks in the master's serve_file method. These vulerablities were discovered and reported by: Yudi Zhao(Huawei Nebula Security Lab),Chenwei Jiang(Huawei Nebula Security Lab)

    Update some requirements which had some security issues:

    Bump to pycryptodome==3.19.1 and pycryptodomex==3.19.1 due to https://github.com/advisories/GHSA-j225-cvw7-qrx7

    Bump to gitpython==3.1.41 due to https://github.com/advisories/GHSA-2mqj-m65w-jghx

    Bump to jinja2==3.1.3 due to https://github.com/advisories/GHSA-h5c8-rqwp-cp95
  module: pkgsrc
  subject: 'CVS commit: pkgsrc/sysutils/salt'
  unixtime: '1706905044'
  user: adam