Hi,

On Sun, 26 Jun 2022 13:55:24 +0200 Salvatore Bonaccorso <car...@debian.org> wrote:
Source: salt
The following vulnerability was published for salt.

CVE-2022-22967[0]:
| An issue was discovered in SaltStack Salt in versions before 3002.9,
| 3003.5, 3004.2. PAM auth fails to reject locked accounts, which allows
| a previously authorized user whose account is locked still run Salt
| commands when their account is locked. This affects both local shell
| accounts with an active session and salt-api users that authenticate
| via PAM eauth.

As much as I'd like to stay away from fixing packages, do you need help with this one? It's causing RC issues in testing even though it's removed.

https://qa.debian.org/dose/debcheck/src_testing_main/1661922002/packages/pytest-testinfra.html#076c12ad0c0676e354433b4fd854e3d5

There's a new upstream release and I pulled it locally, but there are a lot of changes. So without experience with the package, it's a bit much to go over.

Paul

PS: please CC me in reply.