diff --git a/ansible-2.9.6.tar.gz b/ansible-2.9.6.tar.gz deleted file mode 100644 index 36460d6..0000000 --- a/ansible-2.9.6.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:59cf3a0781f89992d1dae5205b07e802dff1db205eebd238de9e503b62b8cbc9 -size 14201258 diff --git a/ansible-2.9.6.tar.gz.sha b/ansible-2.9.6.tar.gz.sha deleted file mode 100644 index fb21375..0000000 --- a/ansible-2.9.6.tar.gz.sha +++ /dev/null @@ -1 +0,0 @@ -59cf3a0781f89992d1dae5205b07e802dff1db205eebd238de9e503b62b8cbc9 ansible-2.9.6.tar.gz diff --git a/ansible-2.9.7.tar.gz b/ansible-2.9.7.tar.gz new file mode 100644 index 0000000..e59d697 --- /dev/null +++ b/ansible-2.9.7.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:7222ce925536a25b2912364e13b03a3e21dbf2f96799ebff304f48509324de7b +size 14215538 diff --git a/ansible-2.9.7.tar.gz.sha b/ansible-2.9.7.tar.gz.sha new file mode 100644 index 0000000..5f3d3f2 --- /dev/null +++ b/ansible-2.9.7.tar.gz.sha @@ -0,0 +1 @@ +7222ce925536a25b2912364e13b03a3e21dbf2f96799ebff304f48509324de7b ansible-2.9.7.tar.gz diff --git a/ansible.changes b/ansible.changes index aefd87f..1c389ba 100644 --- a/ansible.changes +++ b/ansible.changes @@ -1,3 +1,19 @@ +------------------------------------------------------------------- +Fri Apr 17 06:49:56 UTC 2020 - Michael Ströder + +- update to version 2.9.7 with many bug fixes, + especially for these security issues: + * CVE-2020-1733 - insecure temporary directory when running become_user from become directive + * CVE-2020-1735 - path injection on dest parameter in fetch module + * CVE-2020-1737 - Extract-Zip function in win_unzip module does not check extracted path + * CVE-2020-1739 - svn module leaks password when specified as a parameter + * CVE-2020-1740 - secrets readable after ansible-vault edit + * CVE-2020-1746 - information disclosure issue in ldap_attr and ldap_entry modules + * CVE-2020-1753 - kubectl connection plugin leaks sensitive information [1] + * CVE-2020-10684 - code injection when using ansible_facts as a subkey + * CVE-2020-10685 - modules which use files encrypted with vault are not properly cleaned up + * CVE-2020-10691 - archive traversal vulnerability in ansible-galaxy collection install [2] + ------------------------------------------------------------------- Mon Apr 6 20:45:04 UTC 2020 - lars@linux-schulserver.de - 2.9.6 diff --git a/ansible.spec b/ansible.spec index 19a77da..52c5a80 100644 --- a/ansible.spec +++ b/ansible.spec @@ -55,7 +55,7 @@ Name: ansible -Version: 2.9.6 +Version: 2.9.7 Release: 0 Summary: SSH-based configuration management, deployment, and task execution system License: GPL-3.0-or-later