@anatoly: yeah, 1.4.3 (or 1.4.4 even) is much nicer - however the policy is to not upgrade to new versions for security-updates.
Backporting patches is the prefered way. However in this particular case the backport is kind of invasive so I was wondering if going to the 1.2.3 version (which is the version that has a fix for these 3 CVEs) might be a good compromise between the potential erroneous backport of the "smart" protocol fix for CVE-2013-2333 and a new version. ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2013-2333 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1256068 Title: CVEs To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ansible/+bug/1256068/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
