Overview
Request 537425 superseded
CVE-2017-7481: Security issue with lookup return not tainting the jinja2 environment (bsc#1038785)
CVE-2016-9587: host to controller command execution vulnerability (bsc#1019021)
CVE-2016-8628: Command injection by compromised server via fact variables (bsc#1008037)
CVE-2016-8614: Improper verification of key fingerprints in apt_key module (bsc#1008038)
- Created by AndreasStieger
- In state superseded
- Superseded by 537596
- Open review for systemsmanagement / ansible
Request History
AndreasStieger created request
maintbot added factory-source as a reviewer
maintbot added as a reviewer
Submission for ansible by someone who is not maintainer in the devel project (systemsmanagement). Please review
maintbot accepted review
ok
factory-source accepted review
ok
AndreasStieger superseded request
take newer version
This is an upstream update anyway.
So being an ansible user myself I strongly recommend to rather use upstream release 2.4.1.0 which fixes some issues found in 2.4.0.0.
Would you then either approve, reject, supersede or submit updates to the stable distributions pro-actively?
I'm not the one who decides on this.
But I'd support it because given the fast pace of ansible releases with important security and functional fixes it's a very bad idea to fall behind. Back-porting security fixes would be a pain and nobody relying on ansible would want to use such a patched ansible package anyway.
Actually you are? You are the maintainer.