Your message dated Thu, 07 Nov 2024 17:04:27 +0000
with message-id <[email protected]>
and subject line Bug#1082851: fixed in ansible-core 2.17.5-5
has caused the Debian Bug report #1082851,
regarding ansible-core: CVE-2024-8775
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1082851: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1082851
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: ansible-core
X-Debbugs-CC: [email protected]
Severity: important
Tags: security
Hi,
The following vulnerability was published for ansible-core.
CVE-2024-8775[0]:
| A flaw was found in Ansible, where sensitive information stored in
| Ansible Vault files can be exposed in plaintext during the execution
| of a playbook. This occurs when using tasks such as include_vars to
| load vaulted variables without setting the no_log: true parameter,
| resulting in sensitive data being printed in the playbook output or
| logs. This can lead to the unintentional disclosure of secrets like
| passwords or API keys, compromising security and potentially
| allowing unauthorized access or actions.
There aren't a lot of details, currently only
https://bugzilla.redhat.com/show_bug.cgi?id=2312119
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2024-8775
https://www.cve.org/CVERecord?id=CVE-2024-8775
Please adjust the affected versions in the BTS as needed.
--- End Message ---
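An added example (not part of the bug report or of the ansible-core package): a Python check that walks parsed playbook data and reports include_vars tasks with no literal no_log: true in effect, the condition the CVE description names. The sample play, task names and file paths are constructed, and the input is assumed to be what yaml.safe_load() returns for a playbook.

```python
INCLUDE_VARS = {"include_vars", "ansible.builtin.include_vars",
                "ansible.legacy.include_vars"}
TASK_LISTS = ("pre_tasks", "tasks", "post_tasks", "handlers")
BLOCK_KEYS = ("block", "rescue", "always")

def _no_log_on(value):
    """True only for a literal true; templated or missing values count as off."""
    if isinstance(value, bool):
        return value
    return isinstance(value, str) and value.strip().lower() in {"true", "yes", "on"}

def _walk(tasks, inherited, where, findings):
    for i, task in enumerate(tasks or []):
        if not isinstance(task, dict):
            continue
        here = f"{where}[{i}]"
        # no_log set on a play or block applies to the tasks nested inside it
        effective = _no_log_on(task["no_log"]) if "no_log" in task else inherited
        for key in BLOCK_KEYS:
            if key in task:
                _walk(task[key], effective, f"{here}.{key}", findings)
        if INCLUDE_VARS.intersection(task) and not effective:
            findings.append((here, task.get("name", "<unnamed>")))

def find_unlogged_include_vars(playbook):
    """Return (location, task name) for include_vars tasks without no_log in effect."""
    findings = []
    for p, play in enumerate(playbook or []):
        play_no_log = _no_log_on(play.get("no_log"))
        for section in TASK_LISTS:
            _walk(play.get(section), play_no_log, f"play[{p}].{section}", findings)
    return findings

# Constructed sample: the parsed form of a small playbook (not from the report).
SAMPLE = [{
    "hosts": "all",
    "tasks": [
        {"name": "load secrets", "include_vars": "vault/secrets.yml"},
        {"name": "load secrets quietly", "no_log": True,
         "ansible.builtin.include_vars": {"file": "vault/db.yml"}},
        {"name": "group", "no_log": True, "block": [
            {"name": "inherits no_log", "include_vars": "vault/api.yml"}]},
        {"name": "rescue path", "block": [{"name": "noop", "debug": {"msg": "x"}}],
         "rescue": [{"name": "reload", "include_vars": "vault/secrets.yml"}]},
    ]}]

if __name__ == "__main__":
    for location, name in find_unlogged_include_vars(SAMPLE):
        print(f"{location}: include_vars task {name!r} has no no_log: true")
```

A templated no_log value such as "{{ hide }}" is reported as well, since the check cannot tell what it evaluates to at run time.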
--- Begin Message ---
Source: ansible-core
Source-Version: 2.17.5-5
Done: Colin Watson <[email protected]>
We believe that the bug you reported is fixed in the latest version of
ansible-core, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Colin Watson <[email protected]> (supplier of updated ansible-core package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Thu, 07 Nov 2024 16:36:31 +0000
Source: ansible-core
Architecture: source
Version: 2.17.5-5
Distribution: unstable
Urgency: medium
Maintainer: Debian Python Team <[email protected]>
Changed-By: Colin Watson <[email protected]>
Closes: 1082851 1086551
Changes:
ansible-core (2.17.5-5) unstable; urgency=medium
.
* Team upload.
.
[ Bastien Roucariès ]
* Fix CVE-2024-8775: A flaw was found in Ansible,
where sensitive information stored in Ansible Vault
files can be exposed in plaintext during the execution
of a playbook. This occurs when using tasks such as
include_vars to load vaulted variables without
setting the no_log: true parameter, resulting in
sensitive data being printed in the playbook output
or logs. This can lead to the unintentional disclosure
of secrets like passwords or API keys, compromising
security and potentially allowing unauthorized
access or actions.
(Closes: #1082851)
* Bump resolvelib dependency to << 1.2 (Closes: #1086551)
.
[ Colin Watson ]
* Disable a few tests until https://pypi.org/project/ansible-core/ is
updated with upstream's resolvelib dependency change.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---