Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package salt for openSUSE:Factory checked in at 2026-01-28 15:08:13 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/salt (Old) and /work/SRC/openSUSE:Factory/.salt.new.1928 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "salt" Wed Jan 28 15:08:13 2026 rev:191 rq:1329465 version:3006.0 Changes: -------- --- /work/SRC/openSUSE:Factory/salt/salt.changes 2026-01-21 14:14:35.059906430 +0100 +++ /work/SRC/openSUSE:Factory/.salt.new.1928/salt.changes 2026-01-28 15:09:16.931324393 +0100 @@ -16 +16,4 @@ -- Add security patches (bsc#1254903,bsc#1254905,bsc#1254904) +- Backport security patches for Salt vendored tornado: + * CVE-2025-67724: missing validation of supplied reason phrase (bsc#1254903) + * CVE-2025-67725: fix DoS via malicious HTTP request (bsc#1254905) + * CVE-2025-67726: fix HTTP header parameter parsing algorithm (bsc#1254904) @@ -36 +39 @@ -- Add minimum_auth_version to enforce security (CVE-2025-62349) +- CVE-2025-62349: Add minimum_auth_version to enforce security (bsc#1254257) @@ -41 +44 @@ -- Junos module yaml loader fix (CVE-2025-62348) +- CVE-2025-62348: Junos module yaml loader fix (bsc#1254256) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ _lastrevision ++++++ --- /var/tmp/diff_new_pack.DlKP4r/_old 2026-01-28 15:09:21.551516307 +0100 +++ /var/tmp/diff_new_pack.DlKP4r/_new 2026-01-28 15:09:21.563516806 +0100 @@ -1,3 +1,2 @@ -c0445b44ea96c5db56fbd74a2c29c81f16c8d5c0 -(No newline at EOF) +b9f7b17d7248f80ac48596f6347fb328bd11c402
