-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Mon, 11 Nov 2024 15:02:45 +0000 Source: ansible-core Architecture: source Version: 2.18.0-1 Distribution: unstable Urgency: medium Maintainer: Debian Python Team <team+python@tracker.debian.org> Changed-By: Colin Watson <cjwatson@debian.org> Changes: ansible-core (2.18.0-1) unstable; urgency=medium . * Team upload . [ Bastien Roucariès ] * Fix CVE-2024-9902: A flaw was found in Ansible. The ansible-core `user` module can allow an unprivileged user to silently create or replace the contents of any file on any system path and take ownership of it when a privileged user executes the `user` module against the unprivileged user's home directory. If the unprivileged user has traversal permissions on the directory containing the exploited target file, they retain full control over the contents of the file as its owner. . [ Colin Watson ] * New upstream release. * Remove misleading sequence numbers from files in debian/patches. Checksums-Sha1: 53b0c8cec848fda0cbaca2c2fe3f5217444cef2e 2593 ansible-core_2.18.0-1.dsc a114b622d2d27cb16e0be9ec7e5d250ef1bc8db4 3064903 ansible-core_2.18.0.orig.tar.gz fe0f0a6cb3a316af695594318fbed29a8c762cbb 25904 ansible-core_2.18.0-1.debian.tar.xz Checksums-Sha256: 55d56055ba25893e414052797d057f2b54e1833d46253a12ea1900ae6ccfcda1 2593 ansible-core_2.18.0-1.dsc 87fbebbfe8d961e9b153e84b4438ba3a327dbfdcd4ad05a6065d9ff5d9d02e7b 3064903 ansible-core_2.18.0.orig.tar.gz 69ad003c7ee699c3ea0fbf755b261d0075ba2534f19bb39d75ee7d130d5a5ded 25904 ansible-core_2.18.0-1.debian.tar.xz Files: 85d97a4561bcc12c57b67ff55413ed9b 2593 admin optional ansible-core_2.18.0-1.dsc fc66129ba5e2255f38656e7268b2ef75 3064903 admin optional ansible-core_2.18.0.orig.tar.gz 3db50837be60beca57d2e12f62fab3c8 25904 admin optional ansible-core_2.18.0-1.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEErApP8SYRtvzPAcEROTWH2X2GUAsFAmcyHLYACgkQOTWH2X2G UAudwxAAlw6HdIfvS36aLnmlPDgYOQOunFljosvZLMmcrqZ0qiBIrpHKO+AS+PXw jN+3vrpEFOTBYh20V1A8g+E0llP351aq9d/FsqqWxspXMpF82rzjBe5Q3MhNmwd8 7w4EnotAmvqnUlqw33C8HNjelec7BPNb/WKL+958ji8gmHvE0hyfu5DCcFJO+rDI +M7ae41g1JfcLT3pu1VXv4g+VJaUI0/LKkQNz9kFc4L5cabtf+N0F9h1AuitvuRh UdguGRGh72jFGC5s/TqXG5PRN1FmtcxlEUmNBBYoFhAoRMN+xHUTV1XeaLql+moa Wf3uLSrZhc7gVIBa5hzDvTOMndqJOGET72rie9WfXwEZ9xxoxUNkcWACeUGpOrqu nS4Dw3SJpM+tCdqxU9z1DvuDbzSCcRhE5dimCleL3OEsBcQ+c93RAR6Yq8lnUlDs pMASlRcueNhfmEi7lMQ4tjq4cHTlaZJWHQFaRnwRjknkYyLmSRuNpjCHHSGauMIf /jnhzQSNlHvU6tHTYjwdPEWf/b5MlzlKY4zTlwH/PsFNB5hhLJa5Gld8gg+hohXM pA/4+aio/JIpVVEzobC8dp0efLH7gOLXVrCzRO28emJ2eMHZ44qWyP5hBODl06jv rTWPispXgBtrExl5VtdTBV+dj+wXIntq0C4zuwlAMteUQ2AT9/w= =lQ32 -----END PGP SIGNATURE-----