Your message dated Fri, 25 Nov 2016 21:03:34 +0000
with message-id <[email protected]>
and subject line Bug#842985: fixed in ansible 2.2.0.0-1
has caused the Debian Bug report #842985,
regarding ansible: CVE-2016-8628: Command injection by compromised server via
fact variables
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
842985: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=842985
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: ansible
Version: 2.1.1.0-1
Severity: important
Tags: security upstream
Hi,

the following vulnerability was published for ansible.

CVE-2016-8628[0]:
Command injection by compromised server via fact variables

Details are a bit scarce yet, though; no upstream reference is handy for
the fixing commit.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-8628
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1388113

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: ansible
Source-Version: 2.2.0.0-1
We believe that the bug you reported is fixed in the latest version of
ansible, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Lee Garrett <[email protected]> (supplier of updated ansible package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 25 Nov 2016 20:52:24 +0100
Source: ansible
Binary: ansible
Architecture: source
Version: 2.2.0.0-1
Distribution: unstable
Urgency: medium
Maintainer: Harlan Lieberman-Berg <[email protected]>
Changed-By: Lee Garrett <[email protected]>
Closes: 834056 842984 842985 843763 843995
Description:
 ansible - Configuration management, deployment, and task execution system
Changes:
 ansible (2.2.0.0-1) unstable; urgency=medium
 .
   * New upstream release: (Closes: #843763)
     - CVE-2016-8628 (Closes: #842985)
     - CVE-2016-8614 (Closes: #842984)
   * Add python-kerberos, python-winrm, python-xmltodict to Recommends, needed
     to manage Windows hosts. (Closes: #843995)
   * Suggest cowsay (Closes: #834056)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---