Sorry that this took so long. I check the CVEs now and CVE-2013-4260 is not affecting 1.1.x as this is a problem with the ".retry" which is new feature in 1.2.
2013-4259 is pretty straightforward, I attached a patch. 2013-2233 is not straightforward at all, its essentially the diff between git tag v1.2 v1.2.1. There is no isolated diff or anything like this. I tried to isolate this, but I'm honestly not sure I was successful. As it is it definitely needs some serious testing before it can go out to saucy-security. Pushing v1.2.3 out would be my prefered option TBH. ** Patch added: "debdiff with initial patch that fixes the two open CVEs" https://bugs.launchpad.net/ubuntu/+source/ansible/+bug/1256068/+attachment/3942425/+files/ansible_1.1%2Bdfsg-2.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1256068 Title: CVEs To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ansible/+bug/1256068/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
