Hello community,

here is the log from the commit of package ansible for openSUSE:Factory checked in at 2020-05-29 21:24:22
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/ansible (Old)
 and /work/SRC/openSUSE:Factory/.ansible.new.3606 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "ansible" Fri May 29 21:24:22 2020 rev:65 rq:810048 version:2.9.9 Changes: -------- --- /work/SRC/openSUSE:Factory/ansible/ansible.changes 2020-05-28 09:15:26.424702554 +0200 +++ /work/SRC/openSUSE:Factory/.ansible.new.3606/ansible.changes 2020-05-29 21:39:08.302964443 +0200 @@ -1,0 +2,6 @@ +Thu May 28 13:57:38 UTC 2020 - Matej Cepl <[email protected]> + +- Correct ID of CVE and rename the patch to + CVE-2020-1744_avoid_mkdir_p.patch + +------------------------------------------------------------------- @@ -46 +52,2 @@ - - CVE-2020-10684 - code injection when using ansible_facts as a subkey + - bsc#1167532 CVE-2020-10684 - code injection when using + ansible_facts as a subkey @@ -521 +528 @@ - * remote home directory * Disallow use of remote home directories that include relative pathing by means of `..` (CVE-2019-3828) (https://github.com/ansible/ansible/pull/52133) + * remote home directory * Disallow use of remote home directories that include relative pathing by means of `..` (CVE-2019-3828, bsc#1126503) (https://github.com/ansible/ansible/pull/52133) @@ -897,0 +905,2 @@ + + Includes fix for bsc#1099808 (CVE-2018-10875) ansible.cfg is being read + from current working directory allowing possible code execution Old: ---- CVE-2020-1733_avoid_mkdir_p.patch New: ---- CVE-2020-1744_avoid_mkdir_p.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ ansible.spec ++++++ --- /var/tmp/diff_new_pack.6zmz66/_old 2020-05-29 21:39:08.882966170 +0200 +++ /var/tmp/diff_new_pack.6zmz66/_new 2020-05-29 21:39:08.882966170 +0200 
@@ -229,9 +229,9 @@ Source: https://releases.ansible.com/ansible/ansible-%{version}.tar.gz Source1: https://releases.ansible.com/ansible/ansible-%{version}.tar.gz.sha Source99: ansible-rpmlintrc -# PATCH-FIX-UPSTREAM CVE-2020-1733_avoid_mkdir_p.patch bsc#1171823 [email protected] +# PATCH-FIX-UPSTREAM CVE-2020-1744_avoid_mkdir_p.patch bsc#1171823 [email protected] # gh#ansible/ansible#67791 avoid race condition and insecure directory creation -Patch0: CVE-2020-1733_avoid_mkdir_p.patch +Patch0: CVE-2020-1744_avoid_mkdir_p.patch BuildArch: noarch # extented documentation %if 0%{?with_docs} ++++++ CVE-2020-1733_avoid_mkdir_p.patch -> CVE-2020-1744_avoid_mkdir_p.patch ++++++
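Review bot: The new ansible.changes entry (hunk @@ -1,0 +2,6 @@) says "Correct ID of CVE" but names neither the ID it replaces (CVE-2020-1733, per the Old: file list) nor bsc#1171823, which the spec comment ties to this patch, and it gives no source for CVE-2020-1744. The spec still describes the patch as gh#ansible/ansible#67791 "avoid race condition and insecure directory creation", so the identifier changes while the description stays the same. Please confirm the new ID against bsc#1171823 and the upstream pull request, and put both CVE IDs and the bsc number in the entry so that a changelog search for either ID finds this fix.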
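Review bot: The three back-filled Bugzilla references in ansible.changes use three different layouts: "bsc#1167532 CVE-2020-10684 - code injection ..." at @@ -46, "(CVE-2019-3828, bsc#1126503)" at @@ -521, and "bsc#1099808 (CVE-2018-10875)" at @@ -897,0 +905,2. Pick one order and punctuation for the bsc/CVE pair and use it in all three entries, so that scripts and reviewers matching on the pair do not need three patterns.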
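Review bot: In ansible.spec (hunk @@ -229,9 +229,9 @@) the rename is applied to the PATCH-FIX-UPSTREAM comment and to Patch0, but the body of the renamed patch is not shown after the "CVE-2020-1733_avoid_mkdir_p.patch -> CVE-2020-1744_avoid_mkdir_p.patch" line, so it is not visible whether the patch's own header still carries the old ID; please check that and any other reference to the old file name outside this hunk. Minor: the unchanged context line "# extented documentation" has a typo ("extended") that could be fixed in the same pass.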
