Your message dated Sat, 14 Jan 2017 03:03:50 +0000
with message-id <[email protected]>
and subject line Bug#850846: fixed in ansible 2.2.0.0-3
has caused the Debian Bug report #850846,
regarding ansible: CVE-2016-9587: host to controller command execution vulnerability
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
850846: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=850846
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: ansible
Version: 2.2.0.0-1
Severity: grave
Tags: patch security upstream
Justification: user security hole

Hi,

the following vulnerability was published for ansible.

CVE-2016-9587[0]:
|Compromised remote hosts can lead to running commands on the Ansible
|controller

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-9587
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9587
[1] https://bugzilla.novell.com/show_bug.cgi?id=1019021
[2] https://bugzilla.redhat.com/show_bug.cgi?id=1404378
[3] https://github.com/ansible/ansible/commit/ec84ff6de6eca9224bf3f22b752bb8da806611ed

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: ansible
Source-Version: 2.2.0.0-3

We believe that the bug you reported is fixed in the latest version of
ansible, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Harlan Lieberman-Berg <[email protected]> (supplier of updated ansible package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 13 Jan 2017 21:17:56 -0500
Source: ansible
Binary: ansible
Architecture: source
Version: 2.2.0.0-3
Distribution: unstable
Urgency: high
Maintainer: Harlan Lieberman-Berg <[email protected]>
Changed-By: Harlan Lieberman-Berg <[email protected]>
Closes: 850846
Description: 
 ansible    - Configuration management, deployment, and task execution system
Changes:
 ansible (2.2.0.0-3) unstable; urgency=high
 .
   * Apply additional fixes for CVE-2016-9587 (Closes: #850846)
Checksums-Sha1: 
 64492c9eda0ab22ece7bf58fca21cb9217375eb3 2167 ansible_2.2.0.0-3.dsc
 bc2ff2e3314fd6aeba769f6b3219c715d7133963 25472 ansible_2.2.0.0-3.debian.tar.xz
Checksums-Sha256: 
 a704449696d7a04460740d559ec5c1b55e870ba1fdd0f663e3f378dcded065ac 2167 ansible_2.2.0.0-3.dsc
 0bbe9f0100a87d0136825050ca7df544ff4ca7c074f23f4849311563f81adb8b 25472 ansible_2.2.0.0-3.debian.tar.xz
Files: 
 cbb0c7cde7c7b3e27e567e8f1cdac920 2167 admin optional ansible_2.2.0.0-3.dsc
 d6de1cefa384eff7b2a18901c330ca4a 25472 admin optional ansible_2.2.0.0-3.debian.tar.xz

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
