[Secure-testing-team] Bug#851619: new upstream release fixes a bag of CVEs
Toni Mueller
toni at debian.org
Mon Jan 16 21:43:05 UTC 2017
Package: ansible
Version: 2.2.0.0-1
Severity: grave
Tags: security upstream
Hi,
there is a new Ansible release, 2.2.1, which was published on 2017-01-11
on releases.ansible.com, which fixes a bag of security holes, for which
CVEs should already exist. Please take a look at
https://www.computest.nl/advisories/CT-2017-0109_Ansible.txt
Cheers,
--Toni++
-- System Information:
Debian Release: stretch/sid
APT prefers testing
APT policy: (990, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.8.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages ansible depends on:
ii python-crypto 2.6.1-7
ii python-httplib2 0.9.2+dfsg-1
ii python-jinja2 2.8-1
ii python-netaddr 0.7.18-2
ii python-paramiko 2.0.0-1
ii python-pkg-resources 32.0.0-1
ii python-yaml 3.12-1
pn python:any <none>
Versions of packages ansible recommends:
ii python-kerberos 1.1.5-2+b2
ii python-selinux 2.6-3
pn python-winrm <none>
ii python-xmltodict 0.10.2-1
Versions of packages ansible suggests:
pn cowsay <none>
ii sshpass 1.06-1
-- Configuration Files:
/etc/ansible/ansible.cfg changed [not included]
/etc/ansible/hosts changed [not included]
-- no debconf information
More information about the Secure-testing-team
mailing list