Overview

Request 1167044 accepted

- Address issues where internal templating can cause unsafe
  variables to lose their unsafe designation (bsc#1216854, CVE-2023-5764)
  * breaking_changes:
    assert - Nested templating may result in an inability for the conditional
    to be evaluated. See the porting guide for more information.
- Address issue where ANSIBLE_NO_LOG was ignored (bsc#1219002, CVE-2024-0690)
- Added:
  * 0001-Ensure-that-unsafe-is-more-difficult-to-lose-stable-.patch
  * 0002-Ensure-ANSIBLE_NO_LOG-is-respected-CVE-2024-0690-825.patch

kubectl_password in console log (CVE-2020-1753, bsc#1166389).
* CVE-2020-14365, bsc#1175993: Previously, regardless of the
disable_gpg_check option, packages were not GPG validated. They
are now.
- Don't Require python-coverage, it is needed only for testing
(bsc#1177948).
(CVE-2020-14332, bsc#1174302)
from the uri module (CVE-2020-14330, bsc#1174145).
- Add CVE-2020-10744_avoid_mkdir_p.patch (CVE-2020-10744, bsc#1171823) to fix
insecure temporary directory creation.
- Remove CVE-2017-7550-jenkins-disallow-password-in-params.patch
as it has been already included in 2.4.1.0
- includes fix for bsc#1099805 (CVE-2018-10874) Inventory
variables are loaded from current working directory when
running ad-hoc command that can lead to code execution
(included upstream in 2.6.1).
- update to 2.3.2.0 (final) - bsc#1059235
as "unsafe". bsc#1038785
- security update to rc4 of 2.2.1.0 version CVE-2016-9587,
CVE-2016-8628, CVE-2016-8614, CVE-2016-8647, CVE-2016-9587

Request History
Pablo Suárez Hernández (PSuarezHernandez) created request


Victor Zhestkov (vizhestkov) accepted request

Accepted
