
Accepted ansible 1.7.2+dfsg-2+deb8u3 (source all) into oldoldstable



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 5 May 2020 15:32:41 +0200
Source: ansible
Binary: ansible ansible-fireball ansible-node-fireball ansible-doc
Architecture: source all
Version: 1.7.2+dfsg-2+deb8u3
Distribution: jessie-security
Urgency: high
Maintainer: Janos Guljas <janos@debian.org>
Changed-By: Sylvain Beucler <beuc@debian.org>
Description:
 ansible    - Configuration management, deployment, and task execution system
 ansible-doc - Ansible documentation and examples
 ansible-fireball - Ansible fireball transport support
 ansible-node-fireball - Ansible fireball transport support for nodes
Changes:
 ansible (1.7.2+dfsg-2+deb8u3) jessie-security; urgency=high
 .
   * Non-maintainer upload by the LTS Team.
   * CVE-2020-1740: a flaw was found when using Ansible Vault for editing
     encrypted files. When a user executes "ansible-vault edit", another
     user on the same computer can read the old and new secret, as it is
     created in a temporary file with mkstemp and the returned file
     descriptor is closed and the method write_data is called to write the
     existing secret in the file. This method will delete the file before
     recreating it insecurely.
   * CVE-2020-1739: a flaw was found when a password is set with the
     argument "password" of svn module, it is used on svn command line,
     disclosing to other users within the same node. An attacker could take
     advantage by reading the cmdline file from that particular PID on the
     procfs.
   * CVE-2020-1733: a race condition flaw was found when running a playbook
     with an unprivileged become user. When Ansible needs to run a module
     with become user, the temporary directory is created in /var/tmp. This
     directory is created with "umask 77 && mkdir -p <dir>"; this operation
     does not fail if the directory already exists and is owned by another
     user. An attacker could take advantage to gain control of the become
     user as the target directory can be retrieved by iterating
     '/proc/<pid>/cmdline'.
   * CVE-2019-14846: ansible was logging at the DEBUG level which led to a
     disclosure of credentials if a plugin used a library that logged
     credentials at the DEBUG level. This flaw does not affect Ansible
     modules, as those are executed in a separate process.
Checksums-Sha1:
 8a743352a3fc883c7d6de01de2231d62d6b5ac16 1935 ansible_1.7.2+dfsg-2+deb8u3.dsc
 018f7f1be25c9e425e6b6f9c0fe595cd4a8ec009 105260 ansible_1.7.2+dfsg-2+deb8u3.debian.tar.xz
 6dc49184953139c4d7d050a8562984746b9fbd83 559526 ansible_1.7.2+dfsg-2+deb8u3_all.deb
 12d6800ae71a9b03fc99d1f9263bcf28ceb3fc67 35348 ansible-fireball_1.7.2+dfsg-2+deb8u3_all.deb
 cb08728b0d66dafe744c378e6561178786063a66 35326 ansible-node-fireball_1.7.2+dfsg-2+deb8u3_all.deb
 ca781880f6402f725a088b036462b1c9bab102a6 512922 ansible-doc_1.7.2+dfsg-2+deb8u3_all.deb
Checksums-Sha256:
 46ef8e02b5c372eea0e678f8a5d8070fd78b6237c4f602aecaa70feee78f1d96 1935 ansible_1.7.2+dfsg-2+deb8u3.dsc
 bbfc6cb37f12904e0ebbce3467c34138d16f79adb8590d8905c2d71c25f66d82 105260 ansible_1.7.2+dfsg-2+deb8u3.debian.tar.xz
 9e2ac854c4a7a9dc88ba45f436705f31be95dbaea7fb66654c8f24d2b095a119 559526 ansible_1.7.2+dfsg-2+deb8u3_all.deb
 b48efe826b6b9478c152fee8a7dad0537f8e1f850713a86d9dbf8a10f45485f9 35348 ansible-fireball_1.7.2+dfsg-2+deb8u3_all.deb
 87c1216e1d8ceb30d13f918b7ec151a47adf880e22be5f9843f8249b619b7d1c 35326 ansible-node-fireball_1.7.2+dfsg-2+deb8u3_all.deb
 56cc19cf863c7429082179ce9111a331bcf24cc24df5c6a327f8bbd9c1d87206 512922 ansible-doc_1.7.2+dfsg-2+deb8u3_all.deb
Files:
 3df822165ca0d1519004527714927ef3 1935 admin optional ansible_1.7.2+dfsg-2+deb8u3.dsc
 cc809c0740ad513ee4165c922c78e779 105260 admin optional ansible_1.7.2+dfsg-2+deb8u3.debian.tar.xz
 8706b68273d50b81b39de390fd674fe8 559526 admin optional ansible_1.7.2+dfsg-2+deb8u3_all.deb
 347e15b83a3b798aacdc0083909d7896 35348 admin optional ansible-fireball_1.7.2+dfsg-2+deb8u3_all.deb
 c1d3ecf48c82a5832a6961de6ef5753c 35326 admin optional ansible-node-fireball_1.7.2+dfsg-2+deb8u3_all.deb
 bb0ac9373d3770228f6f90cd2014f708 512922 doc optional ansible-doc_1.7.2+dfsg-2+deb8u3_all.deb

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----
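
The temporary-file handling described for CVE-2020-1740, as an added example that is not Ansible's or Debian's code: it contrasts the close, delete and recreate sequence with writing through the descriptor that mkstemp returns. Function names are hypothetical, the umask of 022 is an assumed default, and the secret is a constructed sample.

```python
import os
import stat
import tempfile


def write_data_recreate(data: bytes, path: str) -> None:
    """Constructed stand-in for the delete-then-recreate write described above."""
    if os.path.isfile(path):
        os.remove(path)
    # open() creates the file with mode 0666 & ~umask and does not use O_EXCL,
    # so it also accepts anything that appeared at `path` after the remove().
    with open(path, "wb") as f:
        f.write(data)


def edit_tempfile_insecure(secret: bytes) -> str:
    fd, path = tempfile.mkstemp()   # created with O_EXCL and mode 0600 ...
    os.close(fd)                    # ... but the safe descriptor is discarded
    write_data_recreate(secret, path)
    return path


def edit_tempfile_hardened(secret: bytes) -> str:
    fd, path = tempfile.mkstemp()
    # Write through the descriptor mkstemp returned: the file is never
    # unlinked, so it keeps mode 0600 and the name is never released.
    with os.fdopen(fd, "wb") as f:
        f.write(secret)
    return path


def demo() -> dict:
    """Return the resulting permission bits for both variants."""
    old_umask = os.umask(0o022)     # assumed common default, set explicitly
    try:
        results = {}
        for name, fn in (("insecure", edit_tempfile_insecure),
                         ("hardened", edit_tempfile_hardened)):
            path = fn(b"constructed-sample-secret")
            results[name] = stat.S_IMODE(os.stat(path).st_mode)
            os.remove(path)
        return results
    finally:
        os.umask(old_umask)


if __name__ == "__main__":
    print({name: oct(mode) for name, mode in demo().items()})
```

On a POSIX system the insecure variant leaves the file readable by group and others, while the hardened variant keeps it owner-only.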

