-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Thu, 07 Nov 2024 16:36:31 +0000 Source: ansible-core Architecture: source Version: 2.17.5-5 Distribution: unstable Urgency: medium Maintainer: Debian Python Team <team+python@tracker.debian.org> Changed-By: Colin Watson <cjwatson@debian.org> Closes: 1082851 1086551 Changes: ansible-core (2.17.5-5) unstable; urgency=medium . * Team upload. . [ Bastien Roucariès ] * Fix CVE-2024-8775: A flaw was found in Ansible, where sensitive information stored in Ansible Vault files can be exposed in plaintext during the execution of a playbook. This occurs when using tasks such as include_vars to load vaulted variables without setting the no_log: true parameter, resulting in sensitive data being printed in the playbook output or logs. This can lead to the unintentional disclosure of secrets like passwords or API keys, compromising security and potentially allowing unauthorized access or actions. (Closes: #1082851) * Bump resolvelib dependency to << 1.2 (Closes: #1086551) . [ Colin Watson ] * Disable a few tests until https://pypi.org/project/ansible-core/ is updated with upstream's resolvelib dependency change. Checksums-Sha1: 817647ba3a219631f1caa834ba9a4e3c46314510 2593 ansible-core_2.17.5-5.dsc 51f05fd12de9811bc0ba61707f79053102c3ae13 29328 ansible-core_2.17.5-5.debian.tar.xz Checksums-Sha256: 33cb37ee5f8eaf776c03f43ba6b74e244f50b3f972f50067a4e3edbedaec171b 2593 ansible-core_2.17.5-5.dsc f93a6d46b37f545bf3e26dc3eb6672545d30dcb6c9c13f91693fe5319b1ba3d2 29328 ansible-core_2.17.5-5.debian.tar.xz Files: 3cccb7a278cf7adc744732535a29e86d 2593 admin optional ansible-core_2.17.5-5.dsc 7e43ee0efcb2738d47299eb56ef3227d 29328 admin optional ansible-core_2.17.5-5.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEErApP8SYRtvzPAcEROTWH2X2GUAsFAmcs7WIACgkQOTWH2X2G UAub+w/9FaayR/8KnEMpqULNo0Ue4f8aMXuNxO+98wfZh7S3jHUgFr37c4YUGfch YnFsBnVIswGuczTx+2fTEq4zyjh3BBxBLW4iv8bwxG7QISi9JAvCSoMcJx64h2Lq rAOmy9PCiP9QuEGmzrZ9mStM8esa5TcFFFafbykRFeiAbMZtb/MUaEX/1AU6Tb8Y jRtt7+PJzHKpClb5mM6FWs1j6PN/9IO0VXsu6xkcR9pGoU7DG+B3LDdjaHedyOUZ 2LL21gjsHusQPEqiUFKUXxltH2l2cAXGdpwuVpp31t7dUwwFJOW7gMcE9pZJIvm8 68R3f8eN/4uy3m+hJG+p2Y/cs7jdUTOSNFIbJw/BKPNjjTcVAo4G+/UlTdhmdnrS X9YnjBLBKmK0rJ3mpYf1L+Upz9Omi5WfzZj4A8fiunva1WLlFL8mISeIBNfRYyZS 63PHvF8+4DgjWSQFDaydGaSZ8ptANx7rACdCRZrtll3UH+mQMZg4XcPlki4VZWyP Ke7wOxvqUsSGLc7Ojk/3PG6R0BscKVp215ZVSv6e7Jr3g/6Z15WgXUNhqgKytixf JDjNvfVHIDPzBMDPR6fvTt7bklTJRpG9sR7ibGH4BLQf46F/wnVNkg2/lOZKoDF6 l7oR88tzvC/i6VabUCw1C14DNAhIbsm2lbjKaJkN5PbkghnJZ6E= =QKa/ -----END PGP SIGNATURE-----