Your message dated Sun, 21 Nov 2021 01:41:47 +0100
with message-id <7f29ec6be4db55571badb591100056bedd73cd2a.ca...@debian.org>
and subject line Re: typo in fix for CVE-2021-21996 breaks file.managed on
stretch
has caused the Debian Bug report #1000265,
regarding typo in fix for CVE-2021-21996 breaks file.managed on stretch
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1000265: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1000265
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: salt-common
Version: 2016.11.2+ds-1+deb9u8
Severity: grave
The patch for 994016 in the
/usr/lib/python2.7/dist-packages/salt/fileclient.py file included:
+ # clean_path returns an empty string if the check fails
+ root_path = salt.utils.path.join(cachedir, "extrn_files", saltenv,
netloc)
which might work for newer versions of salt, but in stretch that has
to be salt.utils.path_join(...) as the salt.utils.path module didn't
exist yet. As-is, the security update for CVE-2021-21996 makes
file.managed states fail with:
Unable to manage file: 'module' object has no attribute 'path'
which makes salt on stretch pretty much unusable.
--
Jamie Heilman http://audible.transient.net/~jamie/
--- End Message ---
--- Begin Message ---
Version: 2016.11.2+ds-1+deb9u9
signature.asc
Description: This is a digitally signed message part
--- End Message ---
