Bug#1057427: marked as done (ansible-core: CVE-2023-5764: internal templating can cause unsafe variables to lose their unsafe designation)

Sat, 16 Dec 2023 00:09:17 -0800 

Your message dated Sat, 16 Dec 2023 09:06:11 +0100
with message-id <[email protected]>
and subject line [[email protected]: Accepted ansible-core 
2.14.13-1 (source) into unstable]
has caused the Debian Bug report #1057427,
regarding ansible-core: CVE-2023-5764: internal templating can cause unsafe 
variables to lose their unsafe designation
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1057427: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057427
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Source: ansible-core
Version: 2.14.11-2
Severity: important
Tags: security upstream
Forwarded: https://github.com/ansible/ansible/pull/82295 
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerability was published for ansible-core.

CVE-2023-5764[0]:
| internal templating can cause unsafe variables to lose their unsafe
| designation


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-5764
    https://www.cve.org/CVERecord?id=CVE-2023-5764
[1] https://github.com/ansible/ansible/pull/82295 

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message --- 
Source: ansible-core
Source-Version: 2.14.13-1

This fixes as well CVE-2023-5764 (#1057427). Closing the bug now
manually.

----- Forwarded message from Debian FTP Masters 
<[email protected]> -----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 12 Dec 2023 11:20:17 +0100
Source: ansible-core
Architecture: source
Version: 2.14.13-1
Distribution: unstable
Urgency: medium
Maintainer: Lee Garrett <[email protected]>
Changed-By: Lee Garrett <[email protected]>
Changes:
 ansible-core (2.14.13-1) unstable; urgency=medium
 .
   * New upstream version 2.14.13
   * Update package to conform to DEP-14 packaging layout
   * Update dep3 patch headers
Checksums-Sha1:
 5fc69fe0551be4e392a6acf0bef9f730f728a3a2 3082 ansible-core_2.14.13-1.dsc
 b0fcd53b90bbb52710298971bbc890109d6cea36 3145413 
ansible-core_2.14.13.orig.tar.gz
 a0a5fda474c5801f753fafec3544e59be4aada1d 20676 
ansible-core_2.14.13-1.debian.tar.xz
 b37a4c8599b36ebc62b0cae152b211882d49ab43 8174 
ansible-core_2.14.13-1_amd64.buildinfo
Checksums-Sha256:
 e88306c761f6100e4c83e2b02a78c89ba354bff189013718920ea16eee6fe17f 3082 
ansible-core_2.14.13-1.dsc
 4e1bb334f0c3226ab48c599efe49cd5fe03f25d4558bc06c274ade2ba3e2576a 3145413 
ansible-core_2.14.13.orig.tar.gz
 0b6064f132160e1758ced2e907c687af039c2b530611a95744fd8e0bb44d7c5e 20676 
ansible-core_2.14.13-1.debian.tar.xz
 9e60788fefb464eddaa9251c89aec0ba7f391492c40c12f0b22d6d9a7387e188 8174 
ansible-core_2.14.13-1_amd64.buildinfo
Files:
 0bf162b2f12d94abb7098082a754c274 3082 admin optional ansible-core_2.14.13-1.dsc
 2671a5553a700849aa5c9bc3f4fa6397 3145413 admin optional 
ansible-core_2.14.13.orig.tar.gz
 880990af4875fa73289e4fa98ae6f423 20676 admin optional 
ansible-core_2.14.13-1.debian.tar.xz
 488836d49262c72ea10a8621a8907c80 8174 admin optional 
ansible-core_2.14.13-1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQQzBAEBCgAdFiEE2EfGJRCpwv8kLOAs1gShxII+4PgFAmV4NlMACgkQ1gShxII+
4Pi78x/9GMafk89Mg/CzB9Ds5kgkOATk5N/0Evj0igiZLsQJj6V18MyrO6bAy/R3
/cD0VZShRMuTVEbsJ1A/CYZv2vHwn8ZEwFirMKZYLhRGxf88OHNHr8Kty3tu+d6F
IJJbaYCEeEmDAqYnpgfWOaJzU+UMovQS6dVoM9eh9twTpbZehTLudNY9zICk2NWX
O1XJT4xWMCOwUE2FltQlLRrAXoWNx/bW7eA0hCJM03LKRPvNFd5fYmFpvARU9edF
v1sPcK7zRAcWat/d57vbRiKuejMm6J7kuCGL4d3PeV+I7V6FfoUtrv2Ti8PnGkk7
od3GVag+KhK/uDZUlUqUo93Lm8ytxKehkRJPX+l5u5P6j6+USli0HAbED7V2ygs2
QuAFgrCh52dJDEyxy9eCpRQS/U4PHIsYTbbM1fqRfxeazD9VPsft6rOu+B4hbGNq
2xlitZWPHJxus4qsGfPr9hl5bPfl7vHwv/5qffMzGB6VxyHpAUKPH5g1/qbMevdr
B9ehB0I1wHGJFx0GsCLzN6SVLV8qIkWgX0xAs9wQ+jjGw7f0zpjOCkUQYH+lyzqb
I8NiwUK0UAOjDVnZUHI9wHZYVlG/pMAnMNDp8ewzsxpPfHtD/g2E9lvQCW+cULR1
IeknprHsHVdepg84Fh7mVvXVvzuSR+7V/VrCf57NUhAxSXbdmUgm3l3W3GkSbMks
8PM6gW8cjpUfLJOtHQZ8eDfRiiXhhp2ApKEWw71A1w2yv5tdf27IdkM0Gewn3cuG
Y+qVLII+IsJiUFT7dfwL5HWhC0dlnonA2kbqM3+2gwYxH4Alo9+jXGrLuRSUCBVu
YO6HNBpkUtM43MKULHF7lpOer/vzStl4t/kpzXZ+62QcGEPiDLSI3R0BgEtm7ake
wd+RfncqBI36AqVKgFWUofSZwzYwnhLkPk8jySTSnfEdG1t0to/bbcuL84s5vKNZ
F6KHqw5/lE6sm/amPcNA5yHALHrSzZ/hoKwAmt3UFrcso+lbh7Ovv4I//bmPQqS6
tHs3uTgyTJBk1Dq9/ypa+bsr0ADN3d8zEiMjAeESThC88KF0GoHg+cZbgg5gGxAj
KQDCZPIIn1H3SSWmu4rPjd9UDiApOtKtxqtqGPRLJ9vZ2kHCxz3YJFgWOVIETqjb
q/gCY116SpbTS5DykE3Qb4LakJntRBi4uKN4IqvEPKw+d6hUlcDkr8sJIpYUbUQX
qZrMC3JdKWWOGiHTdSSUqs/gaYtzV+BIwb4YOvyN5oNU8oJ+S8ohtcCUxjRYYKk+
RkvOaBCxhgk3t3EePg+dtfRzRG9nWw0tstyGsL42uqQf+XE7bVtCNxxTOud2D6dd
Efh1FdljXJyZguALDZt1CAqmNXdFag==
=nHa7
-----END PGP SIGNATURE-----


----- End forwarded message -----

--- End Message ---

Reply via email to