Source: ansible-core
Source-Version: 2.18.0-1
On Mon, Nov 11, 2024 at 03:19:31PM +0000, Debian FTP Masters wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Format: 1.8
> Date: Mon, 11 Nov 2024 15:02:45 +0000
> Source: ansible-core
> Architecture: source
> Version: 2.18.0-1
> Distribution: unstable
> Urgency: medium
> Maintainer: Debian Python Team <team+pyt...@tracker.debian.org>
> Changed-By: Colin Watson <cjwat...@debian.org>
> Changes:
> ansible-core (2.18.0-1) unstable; urgency=medium
> .
> * Team upload
> .
> [ Bastien Roucariès ]
> * Fix CVE-2024-9902: A flaw was found in Ansible.
> The ansible-core `user` module can allow an
> unprivileged user to silently create or replace
> the contents of any file on any system path
> and take ownership of it when a privileged user
> executes the `user` module against the unprivileged
> user's home directory. If the unprivileged user
> has traversal permissions on the directory containing
> the exploited target file, they retain full control
> over the contents of the file as its owner.
> .
> [ Colin Watson ]
> * New upstream release.
> * Remove misleading sequence numbers from files in debian/patches.
> Checksums-Sha1:
> 53b0c8cec848fda0cbaca2c2fe3f5217444cef2e 2593 ansible-core_2.18.0-1.dsc
> a114b622d2d27cb16e0be9ec7e5d250ef1bc8db4 3064903
> ansible-core_2.18.0.orig.tar.gz
> fe0f0a6cb3a316af695594318fbed29a8c762cbb 25904
> ansible-core_2.18.0-1.debian.tar.xz
> Checksums-Sha256:
> 55d56055ba25893e414052797d057f2b54e1833d46253a12ea1900ae6ccfcda1 2593
> ansible-core_2.18.0-1.dsc
> 87fbebbfe8d961e9b153e84b4438ba3a327dbfdcd4ad05a6065d9ff5d9d02e7b 3064903
> ansible-core_2.18.0.orig.tar.gz
> 69ad003c7ee699c3ea0fbf755b261d0075ba2534f19bb39d75ee7d130d5a5ded 25904
> ansible-core_2.18.0-1.debian.tar.xz
> Files:
> 85d97a4561bcc12c57b67ff55413ed9b 2593 admin optional
> ansible-core_2.18.0-1.dsc
> fc66129ba5e2255f38656e7268b2ef75 3064903 admin optional
> ansible-core_2.18.0.orig.tar.gz
> 3db50837be60beca57d2e12f62fab3c8 25904 admin optional
> ansible-core_2.18.0-1.debian.tar.xz
>
> -----BEGIN PGP SIGNATURE-----
>
> iQIzBAEBCAAdFiEErApP8SYRtvzPAcEROTWH2X2GUAsFAmcyHLYACgkQOTWH2X2G
> UAudwxAAlw6HdIfvS36aLnmlPDgYOQOunFljosvZLMmcrqZ0qiBIrpHKO+AS+PXw
> jN+3vrpEFOTBYh20V1A8g+E0llP351aq9d/FsqqWxspXMpF82rzjBe5Q3MhNmwd8
> 7w4EnotAmvqnUlqw33C8HNjelec7BPNb/WKL+958ji8gmHvE0hyfu5DCcFJO+rDI
> +M7ae41g1JfcLT3pu1VXv4g+VJaUI0/LKkQNz9kFc4L5cabtf+N0F9h1AuitvuRh
> UdguGRGh72jFGC5s/TqXG5PRN1FmtcxlEUmNBBYoFhAoRMN+xHUTV1XeaLql+moa
> Wf3uLSrZhc7gVIBa5hzDvTOMndqJOGET72rie9WfXwEZ9xxoxUNkcWACeUGpOrqu
> nS4Dw3SJpM+tCdqxU9z1DvuDbzSCcRhE5dimCleL3OEsBcQ+c93RAR6Yq8lnUlDs
> pMASlRcueNhfmEi7lMQ4tjq4cHTlaZJWHQFaRnwRjknkYyLmSRuNpjCHHSGauMIf
> /jnhzQSNlHvU6tHTYjwdPEWf/b5MlzlKY4zTlwH/PsFNB5hhLJa5Gld8gg+hohXM
> pA/4+aio/JIpVVEzobC8dp0efLH7gOLXVrCzRO28emJ2eMHZ44qWyP5hBODl06jv
> rTWPispXgBtrExl5VtdTBV+dj+wXIntq0C4zuwlAMteUQ2AT9/w=
> =lQ32
> -----END PGP SIGNATURE-----
