-
ansible (2.1.1.0-1~ubuntu16.04.1) xenial-backports; urgency=medium
* No-change backport to xenial (LP: #1621514)
ansible (2.1.1.0-1) unstable; urgency=medium
* New upstream release.
* Update cme copyright helper files.
* Drop ansible-*fireball, as it is no longer supported.
ansible (2.1.0.0-1) unstable; urgency=medium
* New upstream release. (Closes: #826927, #814371)
* Update d/copyright; add cme hinting files.
* Bump S-V; no changes required
* Add manpage for ansible-console.
ansible (2.0.2.0-1) unstable; urgency=medium
* New upstream release
* Remove patches applied upstream
* Change maintainer from Janos to me
ansible (2.0.1.0-2) unstable; urgency=medium
* Backport patches to fix vulns in lxc plugin (Closes: #819676)
* Update my email address
ansible (2.0.1.0-1) unstable; urgency=medium
* New upstream release.
* Fix Vcs-git URI.
* Bump standards version.
-- Felix Geyer <email address hidden> Sun, 30 Oct 2016 10:44:32 +0100
-
ansible (2.0.0.2-2ubuntu1.3) xenial-security; urgency=medium
* SECURITY REGRESSION: Fix indentation, missing dependencies, and calls.
- debian/patches/CVE-2018-10875.patch: Fix indentation and dependency.
- debian/patches/CVE-2018-16837.patch: Fix dependency.
- debian/patches/CVE-2017-7481.patch: Fix function call.
- CVE-2017-7481
- CVE-2018-10875
- CVE-2018-16837
-- Paulo Flabiano Smorigo <email address hidden> Wed, 17 Jul 2019 21:47:58 -0300
-
ansible (2.0.0.2-2ubuntu1.2) xenial-security; urgency=medium
* SECURITY UPDATE: Fix vulnerability where a local user could use symlinks
to write arbitrary files or gain privileges.
- debian/patches/CVE-2016-3096.patch: Do not use a predictable filenames
in the LXC plugin.
- CVE-2016-3096
* SECURITY UPDATE: Avoid unicode strings injection.
- debian/patches/CVE-2017-7481.patch: Fixing security issue with lookup
returns not tainting the jinja2 environment.
- CVE-2017-7481
* SECURITY UPDATE: Fix a flaw in ansible.cfg where an attacker could point
to a plugin or a module path under control and execute arbitrary code.
- debian/patches/CVE-2018-10875.patch: Ignore ansible.cfg in world
writable cwd.
- CVE-2018-10875
* SECURITY UPDATE: Avoid information disclosure in log and command line.
- debian/patches/CVE-2018-16837.patch: user: Don't pass ssh_key_passphrase
on command line.
- CVE-2018-16837
-- Paulo Flabiano Smorigo <email address hidden> Fri, 12 Jul 2019 11:48:46 -0300
-
ansible (2.0.0.2-2ubuntu1.1) xenial-security; urgency=medium
* SECURITY UPDATE: Arbitrary command execution on ansible controller
- debian/patches/CVE-2016-9587-1.patch: Fixing security bugs by sanitizing
facts
- debian/patches/CVE-2016-9587-2.patch: Additional fixes for security
- NOTE: When CVE-2016-9587 was fixed, it included commit
bcceada5d9b78ad77069c78226f8e9b336ff8949. It was found that it was still
possible to exploit the vulnerability after this commit. Commit
0d418789a298561fded9bce977d34babc9097079 reverted bcceada5 and resolved
CVE-2017-7466. By not applying commit bcceada5, CVE-2017-7466 is
resolved. See https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7466
for more detail.
- CVE-2016-8628, CVE-2016-9587, CVE-2017-7466
-- Mike Salvatore <email address hidden> Fri, 17 Aug 2018 10:50:20 -0400
-
ansible (2.0.0.2-2ubuntu1) xenial; urgency=medium
* Fix EEXISTS (should be EEXIST) (LP: #1631996)
-- Serge Hallyn <email address hidden> Mon, 10 Oct 2016 12:59:42 -0500
-
ansible (2.0.0.2-2) unstable; urgency=medium
* Migrate to unstable.
* Switch Vcs-git to https.
-- Harlan Lieberman-Berg <email address hidden> Mon, 08 Feb 2016 07:15:41 -0500
-
ansible (1.9.4-1) unstable; urgency=medium
* New upstream version.
-- Harlan Lieberman-Berg <email address hidden> Sat, 10 Oct 2015 17:51:09 -0400
-
ansible (1.9.2+dfsg-2) unstable; urgency=low
* Fix suggestion of no-longer-built ansible-doc. (Closes: #795532)
.
Ansible used to ship their website which contained the manual for using ansible
and learning it. They no longer ship this in released versions, thus ansible-doc
was removed.
-- Harlan Lieberman-Berg <email address hidden> Sat, 15 Aug 2015 09:29:31 +0200
