Bug#851619: new upstream release fixes a bag of CVEs
Hi, On Mon, Jan 16, 2017 at 10:43:05PM +0100, Toni Mueller wrote: > there is a new Ansible release, 2.2.1, which was published on 2017-01-11 > on releases.ansible.com, which fixes a bag of security holes, for which > CVEs should already exist. Please take a look at sorry, MY BAD. The final 2.2.1 version was only released today, the packages released on the 11th were only release candidates. Cheers, --Toni++
Bug#851619: new upstream release fixes a bag of CVEs
Hi Harlan, On Mon, Jan 16, 2017 at 05:06:36PM -0500, Harlan Lieberman-Berg wrote: > Happy to report that these have already been fixed through cherry-picks > over the last five days or so. 2.2.1 has no security fixes not present > in 2.2.0.0-4. oh, great. I almost expected as much, but wanted to make really sure because of the impact. > We'll probably merge in 2.2.1 in the next couple of days to get the > other bugfixes that are in there. Sounds great. I was reading about some and already considered nagging you about them. Cheers, --Toni++
Bug#851619: new upstream release fixes a bag of CVEs
package ansible tag 851619 -security -upstream severity 851619 wishlist retitle 851619 New ansible upstream version thanks Toni Muellerwrites: > there is a new Ansible release, 2.2.1, which was published on 2017-01-11 > on releases.ansible.com, which fixes a bag of security holes, for which > CVEs should already exist. Please take a look at Hi Toni! Happy to report that these have already been fixed through cherry-picks over the last five days or so. 2.2.1 has no security fixes not present in 2.2.0.0-4. We'll probably merge in 2.2.1 in the next couple of days to get the other bugfixes that are in there. Sincerely, -- Harlan Lieberman-Berg ~hlieberman
Bug#851619: new upstream release fixes a bag of CVEs
Package: ansible Version: 2.2.0.0-1 Severity: grave Tags: security upstream Hi, there is a new Ansible release, 2.2.1, which was published on 2017-01-11 on releases.ansible.com, which fixes a bag of security holes, for which CVEs should already exist. Please take a look at https://www.computest.nl/advisories/CT-2017-0109_Ansible.txt Cheers, --Toni++ -- System Information: Debian Release: stretch/sid APT prefers testing APT policy: (990, 'testing') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.8.0-2-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages ansible depends on: ii python-crypto 2.6.1-7 ii python-httplib2 0.9.2+dfsg-1 ii python-jinja2 2.8-1 ii python-netaddr0.7.18-2 ii python-paramiko 2.0.0-1 ii python-pkg-resources 32.0.0-1 ii python-yaml 3.12-1 pn python:any Versions of packages ansible recommends: ii python-kerberos 1.1.5-2+b2 ii python-selinux2.6-3 pn python-winrm ii python-xmltodict 0.10.2-1 Versions of packages ansible suggests: pn cowsay ii sshpass 1.06-1 -- Configuration Files: /etc/ansible/ansible.cfg changed [not included] /etc/ansible/hosts changed [not included] -- no debconf information