Format: 1.8
Date: Thu, 11 Jul 2019 17:55:43 -0300
Source: ansible
Binary: ansible
Architecture: all
Version: 2.5.1+dfsg-1ubuntu0.1
Distribution: bionic
Urgency: medium
Maintainer: Launchpad Build Daemon
Changed-By: Paulo Flabiano Smorigo
Description:
 ansible - Configuration management, deployment, and task execution system
Changes:
 ansible (2.5.1+dfsg-1ubuntu0.1) bionic-security; urgency=medium
 .
   * SECURITY UPDATE: Fix a vulnerability in inventory variables where an
     attacker could run arbitrary code.
     - debian/patches/CVE-2018-10874.patch: Avoid loading vars on
       unspecified basedir (cwd).
     - CVE-2018-10874
   * SECURITY UPDATE: Fix a flaw in ansible.cfg where an attacker could
     point to a plugin or a module path under control and execute
     arbitrary code.
     - debian/patches/CVE-2018-10875.patch: Ignore ansible.cfg in world
       writable cwd.
     - CVE-2018-10875
   * SECURITY UPDATE: Avoid information disclosure in log and command line.
     - debian/patches/CVE-2018-10855.patch: no_log even when task_result
       doesn't provide key.
     - debian/patches/CVE-2018-16837.patch: user: Don't pass
       ssh_key_passphrase on command line.
     - debian/patches/CVE-2018-16876.patch: Ensure ssh retry respects no
       log.
     - CVE-2018-10855
     - CVE-2018-16837
     - CVE-2018-16876
   * SECURITY UPDATE: Fix traversal path vulnerability which allows copying
     and overwriting files outside of the specified destination in the
     local ansible controller host, by not restricting an absolute path.
     - debian/patches/CVE-2019-3828.patch: Disallow use of remote home
       directories containing ".." in their path
     - CVE-2019-3828
   * SECURITY UPDATE: Sensitive information could be exposed to remote node.
     - debian/patches/CVE-2019-10156-1.patch: Don't pass locals.
     - debian/patches/CVE-2019-10156-2.patch: Fixed tests.
     - CVE-2019-10156
Checksums-Sha1:
 dd5907c80a0a6e6a2b8fd9541ab8baa2827f7e38 3198096 ansible_2.5.1+dfsg-1ubuntu0.1_all.deb
 0447d887e2414798d62e475126a12c213fb4851e 6326 ansible_2.5.1+dfsg-1ubuntu0.1_amd64.buildinfo
Checksums-Sha256:
 9e9ce5337e3e5346d9833f6c1810a4aa886ec27980d58c1cf34bd639a44abf9f 3198096 ansible_2.5.1+dfsg-1ubuntu0.1_all.deb
 d71da5bbfba1d342baf8621c598fa82071e2e17fcde8eb536e30838d53523118 6326 ansible_2.5.1+dfsg-1ubuntu0.1_amd64.buildinfo
Files:
 b855ef040b860f099a7528354ee28415 3198096 admin optional ansible_2.5.1+dfsg-1ubuntu0.1_all.deb
 444b770ed9a782a08ecedbc121f74e4f 6326 admin optional ansible_2.5.1+dfsg-1ubuntu0.1_amd64.buildinfo
Original-Maintainer: Harlan Lieberman-Berg