ansible-core - Debian Package Tracker

general

source: ansible-core (main)
version: 2.18.0-1
maintainer: Debian Python Team (DMD)
uploaders: Lee Garrett [DMD]
arch: all
std-ver: 4.7.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

stable: 2.14.16-0+deb12u1
testing: 2.17.5-5
unstable: 2.18.0-1

versioned links

2.14.16-0+deb12u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.17.5-5: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.18.0-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

ansible-core

action needed

2 security issues in trixie high

There are 2 open security issues in trixie.

2 important issues:

CVE-2024-9902: A flaw was found in Ansible. The ansible-core `user` module can allow an unprivileged user to silently create or replace the contents of any file on any system path and take ownership of it when a privileged user executes the `user` module against the unprivileged user's home directory. If the unprivileged user has traversal permissions on the directory containing the exploited target file, they retain full control over the contents of the file as its owner.
CVE-2024-11079: A flaw was found in Ansible-Core. This vulnerability allows attackers to bypass unsafe content protections using the hostvars object to reference and execute templated content. This issue can lead to arbitrary code execution if remote data or module outputs are improperly templated within playbooks.

Created: 2024-09-14 Last update: 2024-11-12 16:31

1 security issue in sid high

There is 1 open security issue in sid.

1 important issue:

CVE-2024-11079: A flaw was found in Ansible-Core. This vulnerability allows attackers to bypass unsafe content protections using the hostvars object to reference and execute templated content. This issue can lead to arbitrary code execution if remote data or module outputs are improperly templated within playbooks.

Created: 2024-11-12 Last update: 2024-11-12 16:31

The package has not entered testing even though the delay is over normal

The package has not entered testing even though the 5-day delay is over. Check why.

Created: 2024-11-17 Last update: 2024-11-23 09:02

13 new commits since last upload, is it time to release? normal

vcswatch reports that this package seems to have new commits in its VCS but has not yet updated debian/changelog. You should consider updating the Debian changelog and uploading this new version into the archive.

Here are the relevant commit logs:

commit 2ee97d02dafc98727a8df8197b732a5bc74924c5
Author: Lee Garrett <lgarrett@rocketjump.eu>
Date:   Sun Nov 17 23:35:11 2024 +0100

    Fix integration test "apt"

commit 56f0bec6b05c22ec0acb3726e050a46174d8f81b
Author: Lee Garrett <lgarrett@rocketjump.eu>
Date:   Sun Nov 17 23:10:07 2024 +0100

    Update d/p/use-py3.patch to cover new files

commit 4cc921d9157d05f3f39ce485a238196ab150ce62
Author: Lee Garrett <lgarrett@rocketjump.eu>
Date:   Wed Aug 14 23:53:06 2024 +0200

    d/tests/ansible-test-integration.py: also consider tests needing root
    
    When not run as root, any tests requiring root are skipped. As such, always list
    those as they're useful for the later set operations.

commit 4f8bec37a81ca17253fd73f7cd33db57dd9dc136
Author: Lee Garrett <lgarrett@rocketjump.eu>
Date:   Wed Aug 14 23:50:24 2024 +0200

    d/tests/ansible-test-integration.py: Add --check-test-lists param

commit c14494ce91d5c3dcb3464f42dd3ec15cb2144971
Author: Lee Garrett <lgarrett@rocketjump.eu>
Date:   Wed Aug 14 21:22:06 2024 +0200

    d/tests/ansible-test-integration.py: Only run git hack with --setup
    
    Ensure that the git hack is not added when run with --no-setup

commit a8b5251152e6e79e1424a52855debb079388a8d9
Author: Lee Garrett <lgarrett@rocketjump.eu>
Date:   Wed Aug 14 17:09:36 2024 +0200

    testbed-setup.sh: Don't fail when packages are not installed
    
    We mark those packages as manually installed so certain tests don't fail. In
    certain testsuites they're not installed, so just ignore the error there.

commit 5079bf1853bfa14d156150347ed54383f4509346
Author: Lee Garrett <lgarrett@rocketjump.eu>
Date:   Wed Aug 14 17:08:12 2024 +0200

    Add integration failing integration tests to d/t/control and skip those on CI

commit 0686b8313197897792446fa0a2dea22cdbac91f5
Author: Lee Garrett <lgarrett@rocketjump.eu>
Date:   Wed Aug 14 17:07:14 2024 +0200

    Run autopkgtest that require root again

commit dab5c1c850ef60c4ad3c5efc78ce8c489265bfc2
Author: Lee Garrett <lgarrett@rocketjump.eu>
Date:   Wed Aug 14 17:03:58 2024 +0200

    ansible-test-integration.py: print elapsed time with verbosity=2
    
    When running with verbosity=2, also print out the elapsed time for every single
    test (failed or succeeded) and make sure it's properly aligned.

commit 6cdbab23e7a219aa2b0373fad9137eb7e8020da4
Author: Lee Garrett <lgarrett@rocketjump.eu>
Date:   Wed Aug 14 15:07:43 2024 +0200

    d/tests/ansible-test-integration.py: Default to not running tests
    
    - Don't run any tests by default
    - explicitely enable the testsuite for every test

commit deb17010aede185fa6cb69edcb759f7781959cbb
Author: Lee Garrett <lgarrett@rocketjump.eu>
Date:   Wed Aug 14 13:33:32 2024 +0200

    Add bash to autopkgtest deps (required by 'raw')

commit 3cf4393e1acf0569e2c439218a5fe6f68be08973
Author: Lee Garrett <lgarrett@rocketjump.eu>
Date:   Wed Aug 14 13:31:44 2024 +0200

    Mark 'raw' integration test as requiring root

commit 69e1f47b4c02c21203a2a537beb2b6e5df90c000
Author: Lee Garrett <lgarrett@rocketjump.eu>
Date:   Wed Aug 14 13:12:43 2024 +0200

    Add an salsa CI pipelines with image references
    
    These variables are needed to be changed before a Debian release cycle freeze,
    as they implicitely point to unstable.

Created: 2024-11-17 Last update: 2024-11-19 21:34

lintian reports 1 warning normal

Lintian reports 1 warning about this package. You should make the package lintian clean getting rid of them.

Created: 2024-11-12 Last update: 2024-11-12 03:32

3 low-priority security issues in bookworm low

There are 3 open security issues in bookworm.

3 issues left for the package maintainer to handle:

CVE-2024-8775: (needs triaging) A flaw was found in Ansible, where sensitive information stored in Ansible Vault files can be exposed in plaintext during the execution of a playbook. This occurs when using tasks such as include_vars to load vaulted variables without setting the no_log: true parameter, resulting in sensitive data being printed in the playbook output or logs. This can lead to the unintentional disclosure of secrets like passwords or API keys, compromising security and potentially allowing unauthorized access or actions.
CVE-2024-9902: (needs triaging) A flaw was found in Ansible. The ansible-core `user` module can allow an unprivileged user to silently create or replace the contents of any file on any system path and take ownership of it when a privileged user executes the `user` module against the unprivileged user's home directory. If the unprivileged user has traversal permissions on the directory containing the exploited target file, they retain full control over the contents of the file as its owner.
CVE-2024-11079: (needs triaging) A flaw was found in Ansible-Core. This vulnerability allows attackers to bypass unsafe content protections using the hostvars object to reference and execute templated content. This issue can lead to arbitrary code execution if remote data or module outputs are improperly templated within playbooks.

You can find information about how to handle these issues in the security team's documentation.

Created: 2024-09-14 Last update: 2024-11-12 16:31

testing migrations

excuses:
- Migration status for ansible-core (2.17.5-5 to 2.18.0-1): BLOCKED: Rejected/violates migration policy/introduces a regression
- Issues preventing migration:
- ∙ ∙ autopkgtest for ansible-core/2.18.0-1: amd64: Pass, arm64: Pass, armel: Pass, armhf: Pass, i386: Regression or new test ♻ (reference ♻), ppc64el: Pass, s390x: Pass
- ∙ ∙ autopkgtest for ansible-core/blocked-on-ci-infra: riscv64: Failed (not a regression)
- ∙ ∙ autopkgtest for python-mitogen/0.3.18-1: amd64: Regression or new test ♻ (reference ♻), arm64: Regression or new test ♻ (reference ♻), armel: Regression or new test ♻ (reference ♻), armhf: Regression or new test ♻ (reference ♻), i386: Regression or new test ♻ (reference ♻), ppc64el: Regression or new test ♻ (reference ♻), riscv64: Regression or new test ♻ (reference ♻), s390x: Failed (not a regression)
- Additional info:
- ∙ ∙ Piuparts tested OK - https://piuparts.debian.org/sid/source/a/ansible-core.html
- ∙ ∙ Reproducible on amd64 - info ♻
- ∙ ∙ Reproducible on arm64 - info ♻
- ∙ ∙ Reproducible on armhf - info ♻
- ∙ ∙ Reproducible on i386 - info ♻
- ∙ ∙ 11 days old (needed 5 days)
- Not considered

news

[rss feed]

[2024-11-11] Accepted ansible-core 2.18.0-1 (source) into unstable (Colin Watson)
[2024-11-10] ansible-core 2.17.5-5 MIGRATED to testing (Debian testing watch)
[2024-11-07] Accepted ansible-core 2.17.5-5 (source) into unstable (Colin Watson)
[2024-11-01] ansible-core 2.17.5-4 MIGRATED to testing (Debian testing watch)
[2024-10-28] Accepted ansible-core 2.17.5-4 (source) into unstable (Colin Watson)
[2024-10-28] Accepted ansible-core 2.17.5-3 (source) into unstable (Colin Watson)
[2024-10-16] Accepted ansible-core 2.17.5-2 (source) into unstable (Colin Watson)
[2024-10-16] Accepted ansible-core 2.17.5-1 (source) into unstable (Colin Watson)
[2024-08-14] Accepted ansible-core 2.14.16-0+deb12u1 (source) into proposed-updates (Debian FTP Masters) (signed by: Mark Lee Garrett)
[2024-08-13] Accepted ansible-core 2.17.3-1 (source) into unstable (Lee Garrett) (signed by: Mark Lee Garrett)
[2024-07-26] Accepted ansible-core 2.17.2-1 (source) into unstable (Lee Garrett) (signed by: Mark Lee Garrett)
[2024-07-01] ansible-core 2.17.1-1 MIGRATED to testing (Debian testing watch)
[2024-06-25] Accepted ansible-core 2.17.1-1 (source) into unstable (Lee Garrett) (signed by: Mark Lee Garrett)
[2024-06-05] Accepted ansible-core 2.17.0-1 (source) into unstable (Lee Garrett) (signed by: Mark Lee Garrett)
[2024-04-28] ansible-core 2.16.6-1 MIGRATED to testing (Debian testing watch)
[2024-04-24] Accepted ansible-core 2.16.6-1 (source) into unstable (Lee Garrett) (signed by: Mark Lee Garrett)
[2024-04-20] ansible-core 2.16.5-1 MIGRATED to testing (Debian testing watch)
[2024-04-17] Accepted ansible-core 2.16.5-1 (source) into unstable (Lee Garrett) (signed by: Mark Lee Garrett)
[2023-12-14] ansible-core 2.14.13-1 MIGRATED to testing (Debian testing watch)
[2023-12-12] Accepted ansible-core 2.14.13-1 (source) into unstable (Lee Garrett) (signed by: Mark Lee Garrett)
[2023-11-12] ansible-core 2.14.11-2 MIGRATED to testing (Debian testing watch)
[2023-11-10] Accepted ansible-core 2.14.11-2 (source) into unstable (Lee Garrett) (signed by: Mark Lee Garrett)
[2023-10-23] ansible-core 2.14.11-1 MIGRATED to testing (Debian testing watch)
[2023-10-20] Accepted ansible-core 2.14.11-1 (source) into unstable (Lee Garrett) (signed by: Mark Lee Garrett)
[2023-09-12] Accepted ansible-core 2.14.10-1 (source) into unstable (Lee Garrett) (signed by: Mark Lee Garrett)
[2023-08-21] ansible-core 2.14.9-2 MIGRATED to testing (Debian testing watch)
[2023-08-19] Accepted ansible-core 2.14.9-2 (source) into unstable (Lee Garrett) (signed by: Mark Lee Garrett)
[2023-08-18] Accepted ansible-core 2.14.9-1 (source) into unstable (Lee Garrett) (signed by: Mark Lee Garrett)
[2023-07-18] Accepted ansible-core 2.14.8-1 (source) into unstable (Lee Garrett) (signed by: Mark Lee Garrett)
[2023-07-17] Accepted ansible-core 2.14.7-1 (source) into unstable (Lee Garrett) (signed by: Mark Lee Garrett)

bugs [bug history graph]

all: 0

links

homepage
lintian (0, 1)
buildd: logs, reproducibility
popcon
browse source code
edit tags
other distros
security tracker
screenshots
debian patches
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 2.16.3-0ubuntu2
2 bugs
patches for 2.16.3-0ubuntu2