info
Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Bug#1053693: ansible-core: CVE-2023-5115
39 views
Skip to first unread message
Salvatore Bonaccorso
Oct 8, 2023, 4:50:04 PM10/8/23
to
Source: ansible-core
Version: 2.14.10-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/ansible/ansible/pull/81780
X-Debbugs-Cc: car...@debian.org, Debian Security Team <te...@security.debian.org>
Hi,
The following vulnerability was published for ansible-core.
CVE-2023-5115[0]:
| malicious role archive can cause ansible-galaxy to overwrite
| arbitrary files
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2023-5115
https://www.cve.org/CVERecord?id=CVE-2023-5115
[1] https://github.com/ansible/ansible/pull/81780
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
Version: 2.14.10-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/ansible/ansible/pull/81780
X-Debbugs-Cc: car...@debian.org, Debian Security Team <te...@security.debian.org>
Hi,
The following vulnerability was published for ansible-core.
CVE-2023-5115[0]:
| malicious role archive can cause ansible-galaxy to overwrite
| arbitrary files
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2023-5115
https://www.cve.org/CVERecord?id=CVE-2023-5115
[1] https://github.com/ansible/ansible/pull/81780
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
Salvatore Bonaccorso
Oct 21, 2023, 3:30:05 PM10/21/23
to
Source: ansible-core
Source-Version: 2.14.11-1
ansible-core (2.14.11-1) unstable; urgency=medium
.
* New upstream version 2.14.11
* Fix galaxy tests
* Fix lintian override
* Update changelog and release to unstable
This should fix as well CVE-2023-5115 / 1053693, so closing
manually.
Regards,
Salvatore
Source-Version: 2.14.11-1
ansible-core (2.14.11-1) unstable; urgency=medium
.
* New upstream version 2.14.11
* Fix galaxy tests
* Fix lintian override
* Update changelog and release to unstable
This should fix as well CVE-2023-5115 / 1053693, so closing
manually.
Regards,
Salvatore
0 new messages