ansible (2.7.7+dfsg-1+deb10u2) buster-security; urgency=high * Non-maintainer upload by the LTS Team. * Enable autopkgtest * Add salsa-ci testing * Fix regresion on CVE-2019-10206 * Fix CVE-2021-3447: A flaw was found in several ansible modules, where parameters containing credentials, such as secrets, were being logged in plain-text on managed nodes, as well as being made visible on the controller node when run in verbose mode. These parameters were not protected by the no_log feature. An attacker can take advantage of this information to steal those credentials, provided when they have access to the log files containing them. The highest threat from this vulnerability is to data confidentiality * Fix CVE-2021-3583: A flaw was found in Ansible, where a user's controller is vulnerable to template injection. This issue can occur through facts used in the template if the user is trying to put templates in multi-line YAML strings and the facts being handled do not routinely include special template characters. This flaw allows attackers to perform command injection, which discloses sensitive information. The highest threat from this vulnerability is to confidentiality and integrity. * Fix CVE-2021-3620: A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest threat from this vulnerability is to confidentiality. * Fix CVE-2021-20178: A flaw was found in ansible module snmp_fact where credentials are disclosed in the console log by default and not protected by the security feature This flaw allows an attacker to steal privkey and authkey credentials. The highest threat from this vulnerability is to confidentiality. * CVE-2021-20191: A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using Cisco nxos moduel. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulnerability is to data confidentiality. * CVE-2022-3697: A flaw was found in Ansible in the amazon.aws collection when using the tower_callback parameter from the amazon.aws.ec2_instance module. This flaw allows an attacker to take advantage of this issue as the module is handling the parameter insecurely, leading to the password leaking in the logs. * CVE-2023-5115: An absolute path traversal attack existed in the Ansible automation platform. This flaw allows an attacker to craft a malicious Ansible role and make the victim execute the role. A symlink can be used to overwrite a file outside of the extraction path. (Closes: #1053693) -- Bastien Roucariès Thu, 28 Dec 2023 09:32:51 +0000 ansible (2.7.7+dfsg-1+deb10u1) buster-security; urgency=medium [ Markus Koschany ] * CVE-2019-10156 * CVE-2019-10206 * CVE-2019-14846 * CVE-2019-14864 * CVE-2019-14904 * CVE-2020-10684 * CVE-2020-10685 * CVE-2020-10729 * CVE-2020-14330 * CVE-2020-14332 * CVE-2020-14365 * CVE-2020-1733 * CVE-2020-1735 * CVE-2020-1739 * CVE-2020-1740 * CVE-2020-1746 * CVE-2020-1753 * CVE-2021-20228 [ Lee Garrett ] * Add python3-distutils to Depends (Closes: #962332) -- Lee Garrett Tue, 27 Jul 2021 22:09:11 +0200 ansible (2.7.7+dfsg-1) unstable; urgency=high * New upstream release * Remove Michael Vogt from uploaders. Thanks for your past contributions! * Fix path traversal bug in fetch module (CVE-2019-3828) -- Lee Garrett Thu, 21 Feb 2019 08:44:57 +0100 ansible (2.7.6+dfsg-1) unstable; urgency=medium * New upstream release * Support 'nodoc' build profile * Add sphinxdoc dependencies (Closes: #919830) * Bump Standards-Version to 4.3.0 (no changes needed) -- Lee Garrett Sat, 26 Jan 2019 15:16:27 +0100 ansible (2.7.5+dfsg-2) experimental; urgency=medium * Switch to python3. (Closes: #850669) -- Lee Garrett Mon, 31 Dec 2018 01:02:08 +0100 ansible (2.7.5+dfsg-1) unstable; urgency=medium * New upstream release - fix for CVE-2018-16876 (Closes: #916102) * Remove any loading of external resources from the docs * Only symlink JS that dh_sphinxdoc doesn't take care of * Override lintian for a long line in layout.html * Build ansible-doc again (Closes: #848871) * Add build-depends to python-jinja2 (Closes: #915316) * Bump Standards-Version (no changes needed) -- Lee Garrett Wed, 19 Dec 2018 11:35:55 +0100 ansible (2.7.1+dfsg-2) unstable; urgency=medium * Add build-depends to python-packaging (Closes: #912995) -- Lee Garrett Tue, 13 Nov 2018 11:03:34 +0100 ansible (2.7.1+dfsg-1) unstable; urgency=medium [ Ondřej Nový ] * d/copyright: Use https protocol in Format field [ Lee Garrett ] * New upstream release * Move from asciidoc to docutils (Closes: #894188) * Document packaging build process (Closes: #911027) -- Lee Garrett Sun, 28 Oct 2018 14:06:43 +0100 ansible (2.6.5+dfsg-1) unstable; urgency=medium * New upstream release * Greetings from the Chemnitz BSP! -- Lee Garrett Sat, 29 Sep 2018 15:24:01 +0200 ansible (2.6.4+dfsg-1) unstable; urgency=medium * New upstream release. -- Lee Garrett Sun, 09 Sep 2018 20:07:55 +0200 ansible (2.6.3+dfsg-1) unstable; urgency=medium * New upstream release. -- Lee Garrett Mon, 20 Aug 2018 15:53:28 +0200 ansible (2.6.1+dfsg-1) unstable; urgency=medium * New upstream release. * Avoid loading host/group vars from cwd when not specifying a playbook or playbook base dir (CVE-2018-10874) * Avoid using ansible.cfg in a world writable dir (CVE-2018-10875) -- Lee Garrett Wed, 11 Jul 2018 23:25:18 +0200 ansible (2.5.5+dfsg-1) unstable; urgency=medium * New upstream release. -- Lee Garrett Fri, 15 Jun 2018 17:01:00 +0200 ansible (2.5.3+dfsg-2) unstable; urgency=medium * Merge the alioth and salsa repos * Fix again README.rst that was accidentally reverted in the previous upload (Closes: #898433) * Update VCS fields in debian/control to point to salsa.debian.org. -- Lee Garrett Sat, 19 May 2018 19:37:54 +0200 ansible (2.5.3+dfsg-1) unstable; urgency=medium * New upstream release. -- Lee Garrett Fri, 18 May 2018 13:50:03 +0200 ansible (2.5.2+dfsg-2) unstable; urgency=medium * Correct d/docs to point to README.rst. (Closes: #898433) -- Harlan Lieberman-Berg Sat, 12 May 2018 14:46:38 -0400 ansible (2.5.2+dfsg-1) unstable; urgency=medium * New upstream release. -- Lee Garrett Sat, 28 Apr 2018 17:39:10 +0200 ansible (2.5.1+dfsg-1) unstable; urgency=medium * New upstream release. -- Lee Garrett Thu, 19 Apr 2018 11:22:34 +0200 ansible (2.5.0+dfsg-1) unstable; urgency=medium * New upstream release. -- Lee Garrett Sun, 25 Mar 2018 14:39:53 +0200 ansible (2.4.3.0+dfsg-1) unstable; urgency=medium * New upstream release. -- Lee Garrett Thu, 01 Feb 2018 13:45:09 +0100 ansible (2.4.2.0+dfsg-1) unstable; urgency=medium * New upstream release. * Bump Standards-Version to 4.1.1 (no changes needed) * Add new manpages for ansible-config and ansible-inventory, added in 2.4.0. -- Lee Garrett Wed, 06 Dec 2017 20:48:46 +0100 ansible (2.4.0.0+dfsg-1) unstable; urgency=medium * New upstream release. * Remove 0002-fix-jinja-1.9-upgrade.patch, applied upstream. -- Lee Garrett Wed, 20 Sep 2017 00:52:02 +0200 ansible (2.3.2.0+dfsg-1) unstable; urgency=medium * New upstream release. * Remove 01-fix-htpasswd.patch, applied upstream. * Upstream fixes: - Fix --force for unversioned requirements (Closes: #874194) - attempt to fix systemd in chroot env (Closes: 873890) -- Lee Garrett Sun, 10 Sep 2017 21:20:43 -0400 ansible (2.3.1.0+dfsg-2) unstable; urgency=high * Import patch fixing jinja2 issues (Closes: #870599, #871601) * Revert python-jinja2 pin. -- Harlan Lieberman-Berg Sun, 27 Aug 2017 19:57:43 -0400 ansible (2.3.1.0+dfsg-1) unstable; urgency=high [ Lee Garrett ] * The "Harlan is late for DebCamp" release. * New upstream release (Closes: #845613, 851619, #868553) - fixed CVE-2017-7481 (Closes: #862666) * Add python-libcloud to recommends (Closes: #869751) * Add python-jmespath to recommends (Closes: #859999) * Bump Standards-Version to 4.0.0 (no changes needed) * Add python-cryptography to recommends to speed up vault operations. * Drop 0001-add-console-manpage.patch and 0002-fix-cve-2017-7466.patch, both applied upstream. [ Harlan Lieberman-Berg ] * Pin python-jinja2 against incompatible new releases. * Import patch fixing htpasswd module. (Closes: #863949) -- Harlan Lieberman-Berg Mon, 07 Aug 2017 17:26:53 -0400 ansible (2.2.1.0-2) unstable; urgency=medium * Add patch to fix CVE-2017-7466. -- Harlan Lieberman-Berg Wed, 12 Apr 2017 00:56:30 -0400 ansible (2.2.1.0-1) unstable; urgency=medium * New upstream release * Remove following patches, applied upstream: - fix_CVE-2016-8647.patch - fix_pip_venv.patch - fix_UnboundedLocalError.patch - fix-cve-2016-9587.patch * Add myself to uploaders. -- Lee Garrett Sat, 21 Jan 2017 21:27:15 +0100 ansible (2.2.0.0-4) unstable; urgency=high * Commit to git the changelog line I actually used. * Cherry-pick patch fixing git module error. (Closes: #850935) * Cherry-pick patch fixing python3 + virtualenv problems. (Closes: #847546) * Cherry-pick patch fixing CVE-2016-8647 (Closes: #844691) -- Harlan Lieberman-Berg Sat, 14 Jan 2017 15:30:48 -0500 ansible (2.2.0.0-3) unstable; urgency=high * Apply additional fixes for CVE-2016-9587 (Closes: #850846) -- Harlan Lieberman-Berg Fri, 13 Jan 2017 21:17:56 -0500 ansible (2.2.0.0-2) unstable; urgency=high * Cherry-pick patch to fix CVE-2016-9587 (Closes: #850846) -- Harlan Lieberman-Berg Tue, 10 Jan 2017 20:14:07 -0500 ansible (2.2.0.0-1) unstable; urgency=medium * New upstream release: (Closes: #843763) - CVE-2016-8628 (Closes: #842985) - CVE-2016-8614 (Closes: #842984) * Add python-kerberos, python-winrm, python-xmltodict to Recommends, needed to manage Windows hosts. (Closes: #843995) * Suggest cowsay (Closes: #834056) -- Lee Garrett Fri, 25 Nov 2016 20:52:24 +0100 ansible (2.1.1.0-1) unstable; urgency=medium * New upstream release. * Update cme copyright helper files. * Drop ansible-*fireball, as it is no longer supported. -- Harlan Lieberman-Berg Sun, 31 Jul 2016 22:02:59 -0400 ansible (2.1.0.0-1) unstable; urgency=medium * New upstream release. (Closes: #826927, #814371) * Update d/copyright; add cme hinting files. * Bump S-V; no changes required * Add manpage for ansible-console. -- Harlan Lieberman-Berg Sun, 12 Jun 2016 21:12:05 -0400 ansible (2.0.2.0-1) unstable; urgency=medium * New upstream release * Remove patches applied upstream * Change maintainer from Janos to me -- Harlan Lieberman-Berg Tue, 19 Apr 2016 22:31:25 -0400 ansible (2.0.1.0-2) unstable; urgency=medium * Backport patches to fix vulns in lxc plugin (Closes: #819676) * Update my email address -- Harlan Lieberman-Berg Sun, 10 Apr 2016 18:37:37 -0400 ansible (2.0.1.0-1) unstable; urgency=medium * New upstream release. * Fix Vcs-git URI. * Bump standards version. -- Harlan Lieberman-Berg Thu, 25 Feb 2016 23:03:33 -0500 ansible (2.0.0.2-2) unstable; urgency=medium * Migrate to unstable. * Switch Vcs-git to https. -- Harlan Lieberman-Berg Mon, 08 Feb 2016 07:15:41 -0500 ansible (2.0.0.2-1) experimental; urgency=medium * New upstream version. -- Harlan Lieberman-Berg Fri, 15 Jan 2016 20:15:26 -0500 ansible (2.0.0.1-1) experimental; urgency=medium * New upstream version. * Fix up d/control's spacing, ordering. * Extensive update of d/copyright with cme. -- Harlan Lieberman-Berg Tue, 12 Jan 2016 22:56:34 -0500 ansible (1.9.4-1) unstable; urgency=medium * New upstream version. -- Harlan Lieberman-Berg Sat, 10 Oct 2015 17:51:09 -0400 ansible (1.9.3-1) unstable; urgency=medium * New upstream version. -- Harlan Lieberman-Berg Thu, 03 Sep 2015 21:06:03 -0400 ansible (1.9.2+dfsg-2) unstable; urgency=low * Fix suggestion of no-longer-built ansible-doc. (Closes: #795532) . Ansible used to ship their website which contained the manual for using ansible and learning it. They no longer ship this in released versions, thus ansible-doc was removed. -- Harlan Lieberman-Berg Sat, 15 Aug 2015 09:29:31 +0200 ansible (1.9.2+dfsg-1) unstable; urgency=medium * New upstream version. (Closes: #773526) * Add dependency on python-netaddr (Closes: #790234) * Heavy refactoring due to upstream release changes * New, comprehensive d/copyright. -- Harlan Lieberman-Berg Sat, 27 Jun 2015 23:12:55 -0400 ansible (1.7.2+dfsg-2) unstable; urgency=low * Add updated paths to d/copyright. -- Harlan Lieberman-Berg Thu, 02 Oct 2014 17:31:12 -0400 ansible (1.7.2+dfsg-1) unstable; urgency=medium * New upstream release. -- Harlan Lieberman-Berg Wed, 24 Sep 2014 16:55:14 -0400 ansible (1.7.1+dfsg-1) unstable; urgency=medium * New upstream release. -- Harlan Lieberman-Berg Thu, 14 Aug 2014 20:13:22 -0400 ansible (1.7.0+dfsg-1) unstable; urgency=medium * New upstream release. * Refresh and remove outdated patches. * Add python-selinux to Recommends for SELinux support. (Closes: #757358) -- Harlan Lieberman-Berg Wed, 06 Aug 2014 21:15:22 -0400 ansible (1.6.10+dfsg-1) unstable; urgency=high * New upstream release. -- Harlan Lieberman-Berg Fri, 25 Jul 2014 20:00:08 -0400 ansible (1.6.9+dfsg-1) unstable; urgency=medium * New upstream release. -- Harlan Lieberman-Berg Fri, 25 Jul 2014 00:06:50 -0400 ansible (1.6.8+dfsg-1) unstable; urgency=medium * New upstream release, fixing: CVE-2014-4966, CVE-2014-4967. -- Harlan Lieberman-Berg Wed, 23 Jul 2014 01:12:09 -0400 ansible (1.6.6+dfsg-1) unstable; urgency=high * New upstream release. -- Harlan Lieberman-Berg Wed, 02 Jul 2014 01:35:05 +0000 ansible (1.6.5+dfsg-1) unstable; urgency=high * New upstream release, x2. * Switch to using Files-Excluded to repack upstream for DFSG. -- Harlan Lieberman-Berg Wed, 25 Jun 2014 22:03:26 +0000 ansible (1.6.3+dfsg-1) unstable; urgency=medium * New upstream release. -- Harlan Lieberman-Berg Tue, 10 Jun 2014 00:23:17 +0000 ansible (1.6.2+dfsg-1) unstable; urgency=medium [ Felix Geyer ] * Run upstream build tests during the build. (Closes: #749406) [ Harlan Lieberman-Berg ] * New upstream version. * Packaged version from tip of upstream branch release1.6.2 instead of tagged version, as it contains a fix needed to prevent FTBFS. -- Harlan Lieberman-Berg Sun, 25 May 2014 17:50:03 +0000 ansible (1.6.1+dfsg-1) unstable; urgency=medium * New upstream version. -- Harlan Lieberman-Berg Wed, 07 May 2014 18:49:07 +0000 ansible (1.6.0+dfsg-1) unstable; urgency=medium * New upstream version. * Remove patches applied upstream. * Fix manpage warning. -- Harlan Lieberman-Berg Tue, 06 May 2014 03:07:30 +0000 ansible (1.5.5+dfsg-1) unstable; urgency=medium * New upstream version 1.5.5, security update. * d/control: Add myself to Uploaders to silence Lintian * Refresh patches for new version. Add DEP-3 headers to one patch. -- Harlan Lieberman-Berg Mon, 21 Apr 2014 16:51:47 -0400 ansible (1.5.4+dfsg-1) unstable; urgency=medium * Pull missing manpages from upstream development branch. * New upstream version 1.5.4, security update. * Add patch to correct directory_mode functionality. (Closes: #743027) -- Harlan Lieberman-Berg Tue, 01 Apr 2014 22:00:24 -0400 ansible (1.5.3+dfsg-1) unstable; urgency=low [ Harlan Lieberman-Berg ] * New upstream version. * Update Ansible homepage URL. * Add FontAwesome to d/copyright, remove non-existant files. * Refresh all patches, removing some related to documentation. * Add new dependency on python-crypto. [ Michael Vogt ] * add "sshpass" to Suggests * add "openssh-client | python-paramiko" to depends -- Michael Vogt Tue, 18 Mar 2014 14:33:23 +0100 ansible (1.4.5+dfsg-1) unstable; urgency=medium * New upstream release -- Michael Vogt Thu, 20 Feb 2014 08:58:14 +0100 ansible (1.4.4+dfsg-1) unstable; urgency=low * New upstream release -- Michael Vogt Tue, 07 Jan 2014 19:58:44 +0100 ansible (1.4.3+dfsg-2) unstable; urgency=low * add "Suggests: ansible-doc" to the dependency, thanks to Ben Finney (closes: #729350) * Fix Vcs-Browser, thanks to Alessandro Ghedini (closes: #731482) -- Michael Vogt Tue, 07 Jan 2014 10:58:44 +0100 ansible (1.4.3+dfsg-1) unstable; urgency=low * New upstream release -- Michael Vogt Fri, 27 Dec 2013 09:48:35 +0100 ansible (1.4.1+dfsg-1) unstable; urgency=low * New upstream version * add asciidoc build-depends -- Michael Vogt Tue, 03 Dec 2013 08:17:05 +0100 ansible (1.4.0+dfsg-1) unstable; urgency=low * new upstream version * debian/rules: - remove sed manpage fixes, fixed upstream * debian/patches/fix-html-makefile: - removed, fixed upstream -- Michael Vogt Sun, 24 Nov 2013 10:41:27 +0100 ansible (1.3.4+dfsg-1) unstable; urgency=low [ Harlan Lieberman-Berg ] * New upstream release (Closes: #717777). Fixes CVE-2013-2233 (Closes: #714822). Fixes CVE-2013-4259 (Closes: #721766). * Drop fix-ansible-cfg patch. * Change docsite generation to not expect docs as part of a wordpress install. * Add trivial patch to fix lintian error with rpm-key script. * Add patch header information to fix-html-makefile. [ Michael Vogt ] * add myself to uploader * build/ship the module manpages for ansible in the ansible package -- Michael Vogt Fri, 01 Nov 2013 09:40:59 +0100 ansible (1.2.1+dfsg-1) unstable; urgency=low * New upstream release. * Drop remove-external-training-references.patch -- Michael Vogt Sat, 13 Jul 2013 21:40:49 +0200 ansible (1.1+dfsg-1) unstable; urgency=low * New upstream release. * Update patches disable-google-analytics.patch and remove-external-image.patch to apply cleanly. * Add remove-external-footer-image.patch to remove link on external resource. * Add remove-external-training-references.patch: Training advertise contains links to external resources that may not be available or may be used for tracking users activity without their knowledge by the third-party. -- Janos Guljas Sat, 06 Apr 2013 23:27:08 +0200 ansible (0.9+dfsg-1) unstable; urgency=low * Initial release. (Closes: #698428) -- Janos Guljas Wed, 23 Jan 2013 01:52:40 +0100