Accepted ansible 1.7.2+dfsg-2+deb8u2 (source all) into oldoldstable

To: dispatch@tracker.debian.org, debian-lts-changes@lists.debian.org
Subject: Accepted ansible 1.7.2+dfsg-2+deb8u2 (source all) into oldoldstable
From: roberto@debian.org (Roberto C. Sanchez)
Date: Mon, 16 Sep 2019 11:20:13 +0000
Message-id: <[🔎] E1i9p3F-00040v-Dc@seger.debian.org>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 06 Sep 2019 08:01:41 -0400
Source: ansible
Binary: ansible ansible-fireball ansible-node-fireball ansible-doc
Architecture: source all
Version: 1.7.2+dfsg-2+deb8u2
Distribution: jessie-security
Urgency: high
Maintainer: Janos Guljas <janos@debian.org>
Changed-By: Roberto C. Sanchez <roberto@debian.org>
Description:
 ansible    - Configuration management, deployment, and task execution system
 ansible-doc - Ansible documentation and examples
 ansible-fireball - Ansible fireball transport support
 ansible-node-fireball - Ansible fireball transport support for nodes
Closes: 930065
Changes:
 ansible (1.7.2+dfsg-2+deb8u2) jessie-security; urgency=high
 .
   * Non-maintainer upload by the LTS Team.
   * CVE-2015-3908: Fix potential man-in-the-middle attack associated with
     insusfficient X.509 certificate verification.  Ansible did not verify that
     the server hostname matches a domain name in the subject's Common Name (CN)
     or subjectAltName field of the X.509 certificate, which allows
     man-in-the-middle attackers to spoof SSL servers via an arbitrary valid
     certificate.
   * CVE-2015-6240: Fix a symlink attack that allows local users to escape a
     restricted environment (chroot or jail) via a symlink attack.
   * CVE-2018-10875: Fix potential arbitrary code execution resulting from
     reading ansible.cfg from a world-writable current working directory.  This
     condition now causes ansible to emit a warning and ignore the ansible.cfg
     in the world-writable current working directory.
   * CVE-2019-10156: Fix information disclosure through unexpected variable
     substitution. (Closes: #930065)
Checksums-Sha1:
 211d442b99bacb3c3df4e9d288075bd6c8804237 2280 ansible_1.7.2+dfsg-2+deb8u2.dsc
 f72f973e0b2fe30a27f50870ec177f641130db02 103088 ansible_1.7.2+dfsg-2+deb8u2.debian.tar.xz
 ca3d9cac143acdaa40a6c445ad41c790abf551a1 557362 ansible_1.7.2+dfsg-2+deb8u2_all.deb
 3e49f367b3a26f5723fbe69bc542563e9cf5bbd4 34628 ansible-fireball_1.7.2+dfsg-2+deb8u2_all.deb
 b409f1bc1731c0608d57daa4db1c9e311b2be4d4 34600 ansible-node-fireball_1.7.2+dfsg-2+deb8u2_all.deb
 deb41563537fecdd1f259aeeb9d5ee653f018169 512818 ansible-doc_1.7.2+dfsg-2+deb8u2_all.deb
Checksums-Sha256:
 eea0adff02f72edfb5920ec13127613b7d90aa13a19a57ecfc3473d5136b0d26 2280 ansible_1.7.2+dfsg-2+deb8u2.dsc
 79fddad2fd731a1afb92182ab7fc756a29b39e4ef90fbfae594975c0e5413841 103088 ansible_1.7.2+dfsg-2+deb8u2.debian.tar.xz
 d69807e385acef72fdcbaabe94004cea704c93de012cb2ddfc2cea3d80f4be60 557362 ansible_1.7.2+dfsg-2+deb8u2_all.deb
 d8b9d4851c93be4a531516c6e2da2a511dcc7e5e815f887111314b137cc9f248 34628 ansible-fireball_1.7.2+dfsg-2+deb8u2_all.deb
 bdd87278bac77ae3a40903d8cfb626d7d2eadb359fc9355211bda546f0182617 34600 ansible-node-fireball_1.7.2+dfsg-2+deb8u2_all.deb
 c0a2a42984977abf60778e8491115c184eafdda28e8c0a29d65085fab0883993 512818 ansible-doc_1.7.2+dfsg-2+deb8u2_all.deb
Files:
 f8dab4bd8009ad3336eff163b29dc3d9 2280 admin optional ansible_1.7.2+dfsg-2+deb8u2.dsc
 033a325d12e1921b573babe3a1070c03 103088 admin optional ansible_1.7.2+dfsg-2+deb8u2.debian.tar.xz
 d24a33d0d9205be136ef93b540f07745 557362 admin optional ansible_1.7.2+dfsg-2+deb8u2_all.deb
 d1bc795d76002f8e9992023659c54d84 34628 admin optional ansible-fireball_1.7.2+dfsg-2+deb8u2_all.deb
 67a8cd055b75cba65f6687a5a15d5d3e 34600 admin optional ansible-node-fireball_1.7.2+dfsg-2+deb8u2_all.deb
 e312d927a12edff52ecff32956c43d84 512818 doc optional ansible-doc_1.7.2+dfsg-2+deb8u2_all.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEz9ERzDttUsU/BH8iLNd4Xt2nsg8FAl1yTbcACgkQLNd4Xt2n
sg/olw//aPriAZhowvK2cNB2RipVDux6vlcDqq5tfEsE5l1tIwFVaQOzhpjh4SFg
8qn3cIfp2Q+46j0GaGRqpwhQGaDbEF8w9WOB7GpxvRJOQtcyj6crxhLGrv9eMum/
3+AFHBkgQ60xgR/EXBq12socblUCMqee3fOcbGreDxJ7C49CZsqK7GSQMyv25fuA
VafXs3kwvxsDGVyzSbeTl0OJeNEIj1DhqbDcxpGxKc1a3N/mI6OqgGRL+VtoC+9s
irTavjGhFh5m25FcgSSC8CfFVxS6mD0waDT2Z9uY4VTFmXIbcKT8p1OQVqiYknqd
V0z59AfsF87NgvDqfKBjorrm8Yaujff7PQeyjFUAIoewHEpZ+XwSFwvEySOIIbQP
hPJmRa2KCeGA8pYbZMATv23yFJyPt/uwcMw5bfJe3WwjK+gXmOdgVMHMqdv/h9vU
eJEA7R6tREA5YTCyU+VExuT+PKfoTkubocL0QuPqFqrUSgWAcZuKvGKY3ktB5RqA
W34u65/CumZFuc7m6Ce4OzLbSN9pzeXT2aYomNLszZytCWKMGCRUCgSmbQB54inF
Ims2WMpvFOcqbFG8rCKFxi4RDi7cV2hIRW6VsMtY+juz/CTxtNkwchdVm3yvWHIQ
m20cZdDZkoICBi90OUo9h7R2svBfunIi2vbvB030e9ROCfk7UK4=
=je2O
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: Accepted python2.7 2.7.9-2+deb8u5 (source all amd64) into oldoldstable
Next by Date: Accepted python3.4 3.4.2-1+deb8u7 (source all amd64) into oldoldstable
Previous by thread: Accepted python2.7 2.7.9-2+deb8u5 (source all amd64) into oldoldstable
Next by thread: Accepted python3.4 3.4.2-1+deb8u7 (source all amd64) into oldoldstable
Index(es):
- Date
- Thread