From f042d82a63c52f10ae6ec88af0a54ae6776e1a1b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michael=20Str=C3=B6der?= Date: Fri, 19 Feb 2021 10:39:23 +0000 Subject: [PATCH] Accepting request 873716 from home:stroeder:branches:systemsmanagement - update to version 2.9.18 * CVE-2021-20228 where default and fallback values for no_log parameters to modules were not previously masked. * CVE-2021-20178 where several parameters to the snmp_facts module were logged and displayed despite containing sensitive information. * CVE-2021-20180 where several parameters to the bitbucket_pipeline_variable were logged and displayed despite containing sensitive information. * CVE-2021-20191 which addresses a number of modules whose parameters were logged and displayed despite containing sensitive information. For the full list of affected modules, refer to the changelog linked below. OBS-URL: https://build.opensuse.org/request/show/873716 OBS-URL: https://build.opensuse.org/package/show/systemsmanagement/ansible?expand=0&rev=202 --- ansible-2.9.17.tar.gz | 3 --- ansible-2.9.17.tar.gz.sha | 1 - ansible-2.9.18.tar.gz | 3 +++ ansible-2.9.18.tar.gz.sha | 1 + ansible.changes | 16 ++++++++++++++++ ansible.spec | 2 +- 6 files changed, 21 insertions(+), 5 deletions(-) delete mode 100644 ansible-2.9.17.tar.gz delete mode 100644 ansible-2.9.17.tar.gz.sha create mode 100644 ansible-2.9.18.tar.gz create mode 100644 ansible-2.9.18.tar.gz.sha diff --git a/ansible-2.9.17.tar.gz b/ansible-2.9.17.tar.gz deleted file mode 100644 index bb7dd99..0000000 --- a/ansible-2.9.17.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:d78b46d647d91dd478ba7f43baf36ffa27f9a5992b826b16a6cc15cf993f19dc -size 14251861 diff --git a/ansible-2.9.17.tar.gz.sha b/ansible-2.9.17.tar.gz.sha deleted file mode 100644 index 96c4fd9..0000000 --- a/ansible-2.9.17.tar.gz.sha +++ /dev/null @@ -1 +0,0 @@ -d78b46d647d91dd478ba7f43baf36ffa27f9a5992b826b16a6cc15cf993f19dc ansible-2.9.17.tar.gz diff --git a/ansible-2.9.18.tar.gz b/ansible-2.9.18.tar.gz new file mode 100644 index 0000000..d5c5659 --- /dev/null +++ b/ansible-2.9.18.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:55fee77729eab2dce854c94a7b6998f0fcb7b9a053bdaa7eb4057f01a0d5d93c +size 14258092 diff --git a/ansible-2.9.18.tar.gz.sha b/ansible-2.9.18.tar.gz.sha new file mode 100644 index 0000000..b8e87ca --- /dev/null +++ b/ansible-2.9.18.tar.gz.sha @@ -0,0 +1 @@ +55fee77729eab2dce854c94a7b6998f0fcb7b9a053bdaa7eb4057f01a0d5d93c ansible-2.9.18.tar.gz diff --git a/ansible.changes b/ansible.changes index 4b5e06b..43860d4 100644 --- a/ansible.changes +++ b/ansible.changes @@ -1,3 +1,19 @@ +------------------------------------------------------------------- +Fri Feb 19 08:40:14 UTC 2021 - Michael Ströder + +- update to version 2.9.18 + * CVE-2021-20228 where default and fallback values for no_log parameters + to modules were not previously masked. + * CVE-2021-20178 where several parameters to the snmp_facts module were + logged and displayed despite containing sensitive information. + * CVE-2021-20180 where several parameters to the + bitbucket_pipeline_variable were logged and displayed despite + containing sensitive information. + * CVE-2021-20191 which addresses a number of modules whose parameters + were logged and displayed despite containing sensitive + information. For the full list of affected modules, refer to the + changelog linked below. + ------------------------------------------------------------------- Tue Jan 19 00:48:05 UTC 2021 - Michael Ströder diff --git a/ansible.spec b/ansible.spec index 017c987..5a36a1a 100644 --- a/ansible.spec +++ b/ansible.spec @@ -222,7 +222,7 @@ Recommends: %{python}-six Recommends: sshpass %endif Name: ansible -Version: 2.9.17 +Version: 2.9.18 Release: 0 Summary: SSH-based configuration management, deployment, and task execution system License: GPL-3.0-or-later