[Bug 1839312] Re: Sync ansible 2.8.3+dfsg-1 (universe) from Debian unstable (main)
Rik Mills
rik.mills88 at gmail.com
Wed Aug 7 21:21:28 UTC 2019
This bug was fixed in the package ansible - 2.8.3+dfsg-1
---------------
ansible (2.8.3+dfsg-1) unstable; urgency=medium
* New upstream release (Closes: #932288)
* This release fixes CVE-2019-10156 (Closes: #930065)
-- Lee Garrett <debian at rocketjump.eu> Thu, 01 Aug 2019 10:39:19 -0300
** Changed in: ansible (Ubuntu)
Status: Confirmed => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-10156
--
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1839312
Title:
Sync ansible 2.8.3+dfsg-1 (universe) from Debian unstable (main)
Status in ansible package in Ubuntu:
Fix Released
Bug description:
Please sync ansible 2.8.3+dfsg-1 (universe) from Debian unstable
(main)
Explanation of the Ubuntu delta and why it can be dropped:
* SECURITY UPDATE: Sensitive information could be exposed to remote node.
- debian/patches/CVE-2019-10156-1.patch: Don't pass locals.
- debian/patches/CVE-2019-10156-2.patch: Fixed tests.
- CVE-2019-10156
-> Security fix is in newest debian version
Changelog entries since current eoan version 2.7.8+dfsg-1ubuntu1:
ansible (2.8.3+dfsg-1) unstable; urgency=medium
* New upstream release (Closes: #932288)
* This release fixes CVE-2019-10156 (Closes: #930065)
-- Lee Garrett <debian at rocketjump.eu> Thu, 01 Aug 2019 10:39:19
-0300
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ansible/+bug/1839312/+subscriptions
More information about the Ubuntu-sponsors
mailing list