Commit Graph

1 Commits

Author SHA1 Message Date
Lars Vogdt
7af40c3479 Accepting request 810010 from home:mcepl:branches:systemsmanagement
- Correct ID of CVE and rename the patch to
  CVE-2020-1744_avoid_mkdir_p.patch

  - bsc#1167532 CVE-2020-10684 - code injection when using
    ansible_facts as a subkey
  * remote home directory * Disallow use of remote home directories that include relative pathing by means of `..` (CVE-2019-3828, bsc#1126503) (https://github.com/ansible/ansible/pull/52133)
  + Includes fix for bsc#1099808 (CVE-2018-10875) ansible.cfg is being read
    from current working directory allowing possible code execution

OBS-URL: https://build.opensuse.org/request/show/810010
OBS-URL: https://build.opensuse.org/package/show/systemsmanagement/ansible?expand=0&rev=184
2020-05-28 22:37:12 +00:00