Your message dated Wed, 11 Jan 2017 01:48:33 +0000
with message-id <e1cr81h-00096b...@fasolo.debian.org>
and subject line Bug#850846: fixed in ansible 2.2.0.0-2
has caused the Debian Bug report #850846,
regarding ansible: CVE-2016-9587: host to controller command execution vulnerability
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
850846: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=850846
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: ansible
Version: 2.2.0.0-1
Severity: grave
Tags: patch security upstream
Justification: user security hole

Hi,

the following vulnerability was published for ansible.

CVE-2016-9587[0]:
|Compromised remote hosts can lead to running commands on the Ansible
|controller

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-9587
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9587
[1] https://bugzilla.novell.com/show_bug.cgi?id=1019021
[2] https://bugzilla.redhat.com/show_bug.cgi?id=1404378
[3] https://github.com/ansible/ansible/commit/ec84ff6de6eca9224bf3f22b752bb8da806611ed

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: ansible
Source-Version: 2.2.0.0-2

We believe that the bug you reported is fixed in the latest version of
ansible, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 850...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Harlan Lieberman-Berg <hlieber...@debian.org> (supplier of updated ansible package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 10 Jan 2017 20:14:07 -0500
Source: ansible
Binary: ansible
Architecture: source
Version: 2.2.0.0-2
Distribution: unstable
Urgency: high
Maintainer: Harlan Lieberman-Berg <hlieber...@debian.org>
Changed-By: Harlan Lieberman-Berg <hlieber...@debian.org>
Closes: 850846
Description: 
 ansible    - Configuration management, deployment, and task execution system
Changes:
 ansible (2.2.0.0-2) unstable; urgency=high
 .
   * Cherry-pick patch to fix CVE-2016-9587 (Closes: #850846)

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
