Format: 1.8
Date: Fri, 12 Jul 2019 11:48:46 -0300
Source: ansible
Binary: ansible ansible-fireball ansible-node-fireball
Architecture: all
Version: 2.0.0.2-2ubuntu1.2
Distribution: xenial
Urgency: medium
Maintainer: Launchpad Build Daemon <buildd@lgw01-amd64-038.buildd>
Changed-By: Paulo Flabiano Smorigo <pfsmorigo@canonical.com>
Description:
 ansible    - Configuration management, deployment, and task execution system
 ansible-fireball - Ansible fireball transport support
 ansible-node-fireball - Ansible fireball transport support for nodes
Changes:
 ansible (2.0.0.2-2ubuntu1.2) xenial-security; urgency=medium
 .
   * SECURITY UPDATE: Fix vulnerability where a local user could use symlinks
     to write arbitrary files or gain privileges.
     - debian/patches/CVE-2016-3096.patch: Do not use a predictable filenames
       in the LXC plugin.
     - CVE-2016-3096
   * SECURITY UPDATE: Avoid unicode strings injection.
     - debian/patches/CVE-2017-7481.patch: Fixing security issue with lookup
       returns not tainting the jinja2 environment.
     - CVE-2017-7481
   * SECURITY UPDATE: Fix a flaw in ansible.cfg where an attacker could point
     to a plugin or a module path under control and execute arbitrary code.
     - debian/patches/CVE-2018-10875.patch: Ignore ansible.cfg in world
       writable cwd.
     - CVE-2018-10875
   * SECURITY UPDATE: Avoid information disclosure in log and command line.
     - debian/patches/CVE-2018-16837.patch: user: Don't pass ssh_key_passphrase
       on command line.
     - CVE-2018-16837
Checksums-Sha1:
 b966ddc0ae67e0beadf329bbe5296363e12bc7a2 11648 ansible-fireball_2.0.0.2-2ubuntu1.2_all.deb
 3c6183c86b903a0005ab6dc2fdaf893dac9eda56 13252 ansible-node-fireball_2.0.0.2-2ubuntu1.2_all.deb
 4dec6c7ee9f1024d70a46f14399408fe0d546703 1018190 ansible_2.0.0.2-2ubuntu1.2_all.deb
Checksums-Sha256:
 43652e1ef304d690315532e45eb78f6ba9424266d503376561d30d5c1e268887 11648 ansible-fireball_2.0.0.2-2ubuntu1.2_all.deb
 3fa36a80c8cd102d092a521915743c331b4997e57a1957dd9ac7af19885dab00 13252 ansible-node-fireball_2.0.0.2-2ubuntu1.2_all.deb
 17dcf626b62d96847b24a9ddf65724dc981ad1eecaea86194525a3276205ce86 1018190 ansible_2.0.0.2-2ubuntu1.2_all.deb
Files:
 65cd804e10cee82c7efd49f902257cfd 11648 admin optional ansible-fireball_2.0.0.2-2ubuntu1.2_all.deb
 0d17d905c4aeda3da755099b404dfc62 13252 admin optional ansible-node-fireball_2.0.0.2-2ubuntu1.2_all.deb
 4ad348248be4ec347ab223e7e3bfc0a9 1018190 admin optional ansible_2.0.0.2-2ubuntu1.2_all.deb
Original-Maintainer: Janos Guljas <janos@debian.org>