Accepting request 794987 from home:stroeder:branches:systemsmanagement

update to version 2.9.7

OBS-URL: https://build.opensuse.org/request/show/794987
OBS-URL: https://build.opensuse.org/package/show/systemsmanagement/ansible?expand=0&rev=169
This commit is contained in:
Boris Manojlovic 2020-04-23 15:33:08 +00:00 committed by Git OBS Bridge
parent fb51e7cd29
commit e76bc3ef7f
6 changed files with 21 additions and 5 deletions

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:59cf3a0781f89992d1dae5205b07e802dff1db205eebd238de9e503b62b8cbc9
size 14201258

View File

@ -1 +0,0 @@
59cf3a0781f89992d1dae5205b07e802dff1db205eebd238de9e503b62b8cbc9 ansible-2.9.6.tar.gz

3
ansible-2.9.7.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:7222ce925536a25b2912364e13b03a3e21dbf2f96799ebff304f48509324de7b
size 14215538

1
ansible-2.9.7.tar.gz.sha Normal file
View File

@ -0,0 +1 @@
7222ce925536a25b2912364e13b03a3e21dbf2f96799ebff304f48509324de7b ansible-2.9.7.tar.gz

View File

@ -1,3 +1,19 @@
-------------------------------------------------------------------
Fri Apr 17 06:49:56 UTC 2020 - Michael Ströder <michael@stroeder.com>
- update to version 2.9.7 with many bug fixes,
especially for these security issues:
* CVE-2020-1733 - insecure temporary directory when running become_user from become directive
* CVE-2020-1735 - path injection on dest parameter in fetch module
* CVE-2020-1737 - Extract-Zip function in win_unzip module does not check extracted path
* CVE-2020-1739 - svn module leaks password when specified as a parameter
* CVE-2020-1740 - secrets readable after ansible-vault edit
* CVE-2020-1746 - information disclosure issue in ldap_attr and ldap_entry modules
* CVE-2020-1753 - kubectl connection plugin leaks sensitive information [1]
* CVE-2020-10684 - code injection when using ansible_facts as a subkey
* CVE-2020-10685 - modules which use files encrypted with vault are not properly cleaned up
* CVE-2020-10691 - archive traversal vulnerability in ansible-galaxy collection install [2]
------------------------------------------------------------------- -------------------------------------------------------------------
Mon Apr 6 20:45:04 UTC 2020 - lars@linux-schulserver.de - 2.9.6 Mon Apr 6 20:45:04 UTC 2020 - lars@linux-schulserver.de - 2.9.6

View File

@ -55,7 +55,7 @@
Name: ansible Name: ansible
Version: 2.9.6 Version: 2.9.7
Release: 0 Release: 0
Summary: SSH-based configuration management, deployment, and task execution system Summary: SSH-based configuration management, deployment, and task execution system
License: GPL-3.0-or-later License: GPL-3.0-or-later