Hi Chris,
On 10/30/2018 05:35 AM, Chris Lamb wrote:
From the upstream changelog for 2.7.1+dfsg-1 (already in unstable):
[..]
- user module - do not pass ssh_key_passphrase on cmdline
(CVE-2018-16837)
Thanks for providing this and no problem that this wasn't in the
changelog.
Security team: This still affects stretch and jessie as I unless
I'm missing something - would you like me to prepare an upload for
stable? I'm happy to take the LTS side of things.
(If so Ivo, can I push these to some VCS? I note it is in collab-
maint but I thought I might check...)
Just to be clear: I'm not involved in packaging ansible. I just noticed
the bug and saw it was fixed upstream, so I closed the bug to make that
clear.
Cheers,
Ivo
