
Accepted ansible 2.2.1.0-2+deb9u2 (source) into oldstable



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 27 Jan 2021 16:24:29 +0100
Source: ansible
Binary: ansible
Architecture: source
Version: 2.2.1.0-2+deb9u2
Distribution: stretch-security
Urgency: high
Maintainer: Harlan Lieberman-Berg <hlieberman@debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
 ansible    - Configuration management, deployment, and task execution system
Changes:
 ansible (2.2.1.0-2+deb9u2) stretch-security; urgency=high
 .
   * Non-maintainer upload by the LTS team.
   * Fix CVE-2017-7481:
     Ansible fails to properly mark lookup-plugin results as unsafe. If an
     attacker could control the results of lookup() calls, they could inject
     Unicode strings to be parsed by the jinja2 templating system, resulting in
     code execution. By default, the jinja2 templating language is now marked as
     'unsafe' and is not evaluated.
   * Fix CVE-2019-10156:
     A flaw was discovered in the way Ansible templating was implemented,
     causing the possibility of information disclosure through unexpected
     variable substitution. By taking advantage of unintended variable
     substitution the content of any variable may be disclosed.
   * Fix CVE-2019-14846:
     Ansible was logging at the DEBUG level which led to a disclosure of
     credentials if a plugin used a library that logged credentials at the DEBUG
     level. This flaw does not affect Ansible modules, as those are executed in
     a separate process.
   * Fix CVE-2019-14904:
     A flaw was found in the solaris_zone module from the Ansible Community
     modules. When setting the name for the zone on the Solaris host, the zone
     name is checked by listing the process with the 'ps' bare command on the
     remote machine. An attacker could take advantage of this flaw by crafting
     the name of the zone and executing arbitrary commands in the remote host.
Checksums-Sha1:
 b34ca116f1436e1df5428c490e5a2c98e19cbbe6 2219 ansible_2.2.1.0-2+deb9u2.dsc
 61988c768d5c5e4949cd05919f70b025c4c291e9 26348 ansible_2.2.1.0-2+deb9u2.debian.tar.xz
 f3dcfb9b7aa73ed26d0f1e6ea8cd63e30d8777e1 7039 ansible_2.2.1.0-2+deb9u2_amd64.buildinfo
Checksums-Sha256:
 79a3f621d5285d33e5694d43a57d31ef181ca8e0d1f3a619c908a26eca86623b 2219 ansible_2.2.1.0-2+deb9u2.dsc
 61345062b3551c3fe801e8a6b7dab56086042c1e187d24d4474dbd201ec11573 26348 ansible_2.2.1.0-2+deb9u2.debian.tar.xz
 073b71b2d9df3faa057b97a20ac6b18b6efa5eb6e318756a08d56a9310677f30 7039 ansible_2.2.1.0-2+deb9u2_amd64.buildinfo
Files:
 8383d9f6d14c9237973b8c4ec5dfd0fb 2219 admin optional ansible_2.2.1.0-2+deb9u2.dsc
 e2ca7b244a9125f6bdb8bcaec54051c6 26348 admin optional ansible_2.2.1.0-2+deb9u2.debian.tar.xz
 c4b7a431628bde632eed661b460b4d29 7039 admin optional ansible_2.2.1.0-2+deb9u2_amd64.buildinfo
