mirror of
https://github.com/saltstack/salt.git
synced 2025-04-16 17:50:20 +00:00
5b2e752d5e
The cryptography package before 41.0.2 for Python mishandles SSH certificates that have critical options.
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-38325
[https://github.com/pyca/cryptography/issues/9207](pyca/cryptography#9207)
[https://github.com/pyca/cryptography/issues/9208](pyca/cryptography#9208)
[https://github.com/pyca/cryptography/compare/41.0.1...41.0.2](pyca/cryptography@41.0.1...41.0.2)
https://pypi.org/project/cryptography/#history
[1ca7adc97b](pyca/cryptography@1ca7adc)
Signed-off-by: Pedro Algarvio <palgarvio@vmware.com>
13 lines
411 B
Text
13 lines
411 B
Text
# This file only exists to trigger the right static compiled requirements destination.
|
|
# Any non hard dependencies of Salt for linux can go here
|
|
cherrypy
|
|
backports.ssl_match_hostname>=3.7.0.1; python_version < '3.7'
|
|
pycparser>=2.21; python_version >= '3.9'
|
|
pyopenssl>=19.0.0
|
|
python-dateutil>=2.8.0
|
|
python-gnupg>=0.4.4
|
|
rpm-vercmp
|
|
setproctitle>=1.2.3
|
|
timelib>=0.2.5
|
|
importlib-metadata>=3.3.0
|
|
cryptography>=41.0.2
|