{"affected":[{"ecosystem_specific":{"binaries":[{"venv-salt-minion":"3006.0-120002.5.9.1"}]},"package":{"ecosystem":"SUSE:Multi Linux Manager Tools SLE-12","name":"venv-salt-minion","purl":"pkg:rpm/suse/venv-salt-minion&distro=SUSE%20Multi%20Linux%20Manager%20Tools%20SLE-12"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3006.0-120002.5.9.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update fixes the following issues:\n\nvenv-salt-minion:\n\n- Backport security patches for Salt vendored tornado:\n  * CVE-2025-67724: missing validation of supplied reason phrase (bsc#1254903)\n  * CVE-2025-67725: fix DoS via malicious HTTP request (bsc#1254905)\n  * CVE-2025-67726: fix HTTP header parameter parsing algorithm (bsc#1254904)\n- Make syntax in httputil_test compatible with Python 3.6  \n- Fix KeyError in postgres module with PostgreSQL 17 (bsc#1254325)\n- Use internal deb classes instead of external aptsource lib\n- Speed up wheel key.finger call (bsc#1240532)\n- Simplify and speed up utils.find_json function (bsc#1246130)\n- Extend warn_until period to 2027\n\n","id":"SUSE-SU-2026:0629-1","modified":"2026-02-25T09:45:33Z","published":"2026-02-25T09:45:33Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2026/suse-su-20260629-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1240532"},{"type":"REPORT","url":"https://bugzilla.suse.com/1246130"},{"type":"REPORT","url":"https://bugzilla.suse.com/1254325"},{"type":"REPORT","url":"https://bugzilla.suse.com/1254903"},{"type":"REPORT","url":"https://bugzilla.suse.com/1254904"},{"type":"REPORT","url":"https://bugzilla.suse.com/1254905"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-67724"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-67725"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-67726"}],"related":["CVE-2025-67724","CVE-2025-67725","CVE-2025-67726"],"summary":"Security update 5.1.2 for Multi-Linux Manager Salt Bundle","upstream":["CVE-2025-67724","CVE-2025-67725","CVE-2025-67726"]}