Accepted ansible 1.7.2+dfsg-2+deb8u3 (source all) into oldoldstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 5 May 2020 15:32:41 +0200
Source: ansible
Binary: ansible ansible-fireball ansible-node-fireball ansible-doc
Architecture: source all
Version: 1.7.2+dfsg-2+deb8u3
Distribution: jessie-security
Urgency: high
Maintainer: Janos Guljas <janos@debian.org>
Changed-By: Sylvain Beucler <beuc@debian.org>
Description:
ansible - Configuration management, deployment, and task execution system
ansible-doc - Ansible documentation and examples
ansible-fireball - Ansible fireball transport support
ansible-node-fireball - Ansible fireball transport support for nodes
Changes:
ansible (1.7.2+dfsg-2+deb8u3) jessie-security; urgency=high
.
* Non-maintainer upload by the LTS Team.
* CVE-2020-1740: a flaw was found when using Ansible Vault for editing
encrypted files. When a user executes "ansible-vault edit", another
user on the same computer can read the old and new secret, as it is
created in a temporary file with mkstemp and the returned file
descriptor is closed and the method write_data is called to write the
existing secret in the file. This method will delete the file before
recreating it insecurely.
* CVE-2020-1739: a flaw was found when a password is set with the
argument "password" of svn module, it is used on svn command line,
disclosing to other users within the same node. An attacker could take
advantage by reading the cmdline file from that particular PID on the
procfs.
* CVE-2020-1733: a race condition flaw was found when running a playbook
with an unprivileged become user. When Ansible needs to run a module
with become user, the temporary directory is created in /var/tmp. This
directory is created with "umask 77 && mkdir -p <dir>"; this operation
does not fail if the directory already exists and is owned by another
user. An attacker could take advantage to gain control of the become
user as the target directory can be retrieved by iterating
'/proc/<pid>/cmdline'.
* CVE-2019-14846: ansible was logging at the DEBUG level which led to a
disclosure of credentials if a plugin used a library that logged
credentials at the DEBUG level. This flaw does not affect Ansible
modules, as those are executed in a separate process.
Checksums-Sha1:
8a743352a3fc883c7d6de01de2231d62d6b5ac16 1935 ansible_1.7.2+dfsg-2+deb8u3.dsc
018f7f1be25c9e425e6b6f9c0fe595cd4a8ec009 105260 ansible_1.7.2+dfsg-2+deb8u3.debian.tar.xz
6dc49184953139c4d7d050a8562984746b9fbd83 559526 ansible_1.7.2+dfsg-2+deb8u3_all.deb
12d6800ae71a9b03fc99d1f9263bcf28ceb3fc67 35348 ansible-fireball_1.7.2+dfsg-2+deb8u3_all.deb
cb08728b0d66dafe744c378e6561178786063a66 35326 ansible-node-fireball_1.7.2+dfsg-2+deb8u3_all.deb
ca781880f6402f725a088b036462b1c9bab102a6 512922 ansible-doc_1.7.2+dfsg-2+deb8u3_all.deb
Checksums-Sha256:
46ef8e02b5c372eea0e678f8a5d8070fd78b6237c4f602aecaa70feee78f1d96 1935 ansible_1.7.2+dfsg-2+deb8u3.dsc
bbfc6cb37f12904e0ebbce3467c34138d16f79adb8590d8905c2d71c25f66d82 105260 ansible_1.7.2+dfsg-2+deb8u3.debian.tar.xz
9e2ac854c4a7a9dc88ba45f436705f31be95dbaea7fb66654c8f24d2b095a119 559526 ansible_1.7.2+dfsg-2+deb8u3_all.deb
b48efe826b6b9478c152fee8a7dad0537f8e1f850713a86d9dbf8a10f45485f9 35348 ansible-fireball_1.7.2+dfsg-2+deb8u3_all.deb
87c1216e1d8ceb30d13f918b7ec151a47adf880e22be5f9843f8249b619b7d1c 35326 ansible-node-fireball_1.7.2+dfsg-2+deb8u3_all.deb
56cc19cf863c7429082179ce9111a331bcf24cc24df5c6a327f8bbd9c1d87206 512922 ansible-doc_1.7.2+dfsg-2+deb8u3_all.deb
Files:
3df822165ca0d1519004527714927ef3 1935 admin optional ansible_1.7.2+dfsg-2+deb8u3.dsc
cc809c0740ad513ee4165c922c78e779 105260 admin optional ansible_1.7.2+dfsg-2+deb8u3.debian.tar.xz
8706b68273d50b81b39de390fd674fe8 559526 admin optional ansible_1.7.2+dfsg-2+deb8u3_all.deb
347e15b83a3b798aacdc0083909d7896 35348 admin optional ansible-fireball_1.7.2+dfsg-2+deb8u3_all.deb
c1d3ecf48c82a5832a6961de6ef5753c 35326 admin optional ansible-node-fireball_1.7.2+dfsg-2+deb8u3_all.deb
bb0ac9373d3770228f6f90cd2014f708 512922 doc optional ansible-doc_1.7.2+dfsg-2+deb8u3_all.deb
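The CVE-2020-1733 entry above rests on "umask 77 && mkdir -p <dir>" succeeding when the directory already exists. The Python below is an added example, not code from Ansible or from this Debian upload; the function names and the directory name are hypothetical. It contrasts that behaviour with an exclusive create that refuses a pre-existing path and then verifies owner and mode.

```python
import os
import shutil
import stat
import tempfile


def create_like_mkdir_p(path):
    """Mirror `umask 77 && mkdir -p <dir>`: succeeds even if <dir> already exists."""
    old = os.umask(0o077)
    try:
        os.makedirs(path, exist_ok=True)  # like mkdir -p: no error, no ownership check
    finally:
        os.umask(old)
    return path


def create_exclusive(path):
    """Create <dir> with mode 0700 and refuse any pre-existing entry at that path."""
    old = os.umask(0o077)
    try:
        os.mkdir(path, 0o700)  # raises FileExistsError for existing dirs, files, symlinks
    finally:
        os.umask(old)
    st = os.lstat(path)
    # Defence in depth: what we now hold must be a private directory we own.
    if (not stat.S_ISDIR(st.st_mode) or st.st_uid != os.geteuid()
            or stat.S_IMODE(st.st_mode) & 0o077):
        raise PermissionError("unexpected owner or mode on %s" % path)
    return path


def demo():
    """Constructed scenario: the target directory already exists before we run."""
    base = tempfile.mkdtemp()
    try:
        target = os.path.join(base, "ansible-tmp-constructed")
        os.mkdir(target)
        os.chmod(target, 0o777)  # stands in for a directory planted by another user
        accepted = create_like_mkdir_p(target) == target
        mode_after = stat.S_IMODE(os.lstat(target).st_mode)
        try:
            create_exclusive(target)
            rejected = False
        except FileExistsError:
            rejected = True
        fresh = create_exclusive(os.path.join(base, "fresh"))
        fresh_mode = stat.S_IMODE(os.lstat(fresh).st_mode)
        return accepted, mode_after, rejected, fresh_mode
    finally:
        shutil.rmtree(base)
```

The `mkdir -p` equivalent accepts the pre-existing directory and leaves its permissive mode untouched, while the exclusive create raises instead of reusing it.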