Hello community, here is the log from the commit of package ansible for openSUSE:Factory checked in at 2020-04-23 18:40:41 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/ansible (Old) and /work/SRC/openSUSE:Factory/.ansible.new.2738 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "ansible" Thu Apr 23 18:40:41 2020 rev:61 rq:796589 version:2.9.7 Changes: -------- --- /work/SRC/openSUSE:Factory/ansible/ansible.changes 2020-04-11 23:47:18.455123984 +0200 +++ /work/SRC/openSUSE:Factory/.ansible.new.2738/ansible.changes 2020-04-23 18:40:46.577274466 +0200 @@ -1,0 +2,16 @@ +Fri Apr 17 06:49:56 UTC 2020 - Michael Ströder <[email protected]> + +- update to version 2.9.7 with many bug fixes, + especially for these security issues: + * CVE-2020-1733 - insecure temporary directory when running become_user from become directive + * CVE-2020-1735 - path injection on dest parameter in fetch module + * CVE-2020-1737 - Extract-Zip function in win_unzip module does not check extracted path + * CVE-2020-1739 - svn module leaks password when specified as a parameter + * CVE-2020-1740 - secrets readable after ansible-vault edit + * CVE-2020-1746 - information disclosure issue in ldap_attr and ldap_entry modules + * CVE-2020-1753 - kubectl connection plugin leaks sensitive information [1] + * CVE-2020-10684 - code injection when using ansible_facts as a subkey + * CVE-2020-10685 - modules which use files encrypted with vault are not properly cleaned up + * CVE-2020-10691 - archive traversal vulnerability in ansible-galaxy collection install [2] + +------------------------------------------------------------------- Old: ---- ansible-2.9.6.tar.gz ansible-2.9.6.tar.gz.sha New: ---- ansible-2.9.7.tar.gz ansible-2.9.7.tar.gz.sha ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ ansible.spec ++++++ --- /var/tmp/diff_new_pack.3o37Eo/_old 2020-04-23 18:40:48.161277497 +0200 +++ /var/tmp/diff_new_pack.3o37Eo/_new 2020-04-23 18:40:48.165277505 +0200 @@ -55,7 +55,7 @@ Name: ansible -Version: 2.9.6 +Version: 2.9.7 Release: 0 Summary: SSH-based configuration management, deployment, and task execution system License: GPL-3.0-or-later ++++++ ansible-2.9.6.tar.gz -> ansible-2.9.7.tar.gz ++++++ /work/SRC/openSUSE:Factory/ansible/ansible-2.9.6.tar.gz /work/SRC/openSUSE:Factory/.ansible.new.2738/ansible-2.9.7.tar.gz differ: char 5, line 1 ++++++ ansible-2.9.6.tar.gz.sha -> ansible-2.9.7.tar.gz.sha ++++++ --- /work/SRC/openSUSE:Factory/ansible/ansible-2.9.6.tar.gz.sha 2020-03-09 21:04:04.771012883 +0100 +++ /work/SRC/openSUSE:Factory/.ansible.new.2738/ansible-2.9.7.tar.gz.sha 2020-04-23 18:40:45.965273296 +0200 @@ -1 +1 @@ -59cf3a0781f89992d1dae5205b07e802dff1db205eebd238de9e503b62b8cbc9 ansible-2.9.6.tar.gz +7222ce925536a25b2912364e13b03a3e21dbf2f96799ebff304f48509324de7b ansible-2.9.7.tar.gz
