ansible: CVE-2016-8647: in some circumstances the mysql_user module may fail to correctly change a password

Related Vulnerabilities: CVE-2016-8647  

Debian Bug report logs - #844691

Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Fri, 18 Nov 2016 05:27:01 UTC

Severity: important

Tags: fixed-upstream, patch, security, upstream

Found in versions ansible/2.1.1.0-1, ansible/2.2.0.0-1

Fixed in version ansible/2.2.0.0-4

Done: Harlan Lieberman-Berg <hlieberman@debian.org>

Bug is archived. No further changes may be made.

Forwarded to https://github.com/ansible/ansible-modules-core/issues/3003



Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Harlan Lieberman-Berg <hlieberman@debian.org>:
Bug#844691; Package src:ansible. (Fri, 18 Nov 2016 05:27:03 GMT)


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Harlan Lieberman-Berg <hlieberman@debian.org>. (Fri, 18 Nov 2016 05:27:03 GMT)


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: ansible: CVE-2016-8647: in some circumstances the mysql_user module may fail to correctly change a password
Date: Fri, 18 Nov 2016 06:23:52 +0100
Source: ansible
Version: 2.1.1.0-1
Severity: important
Tags: security upstream patch
Forwarded: https://github.com/ansible/ansible-modules-core/issues/3003

Hi,

the following vulnerability was published for ansible.

CVE-2016-8647[0]:
in some circumstances the mysql_user module may fail to correctly change a password

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-8647
[1] https://github.com/ansible/ansible-modules-core/issues/3003
[2] https://github.com/ansible/ansible-modules-core/pull/5388

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore



Added tag(s) fixed-upstream. Request was from bts-link-upstream@lists.alioth.debian.org to control@bugs.debian.org. (Thu, 01 Dec 2016 17:45:07 GMT)


Marked as found in versions ansible/2.2.0.0-1. Request was from Evgeni Golov <evgeni@debian.org> to control@bugs.debian.org. (Sat, 03 Dec 2016 13:03:06 GMT)


Reply sent to Harlan Lieberman-Berg <hlieberman@debian.org>:
You have taken responsibility. (Sat, 14 Jan 2017 22:21:05 GMT)


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Sat, 14 Jan 2017 22:21:05 GMT)


Message #14 received at 844691-close@bugs.debian.org:

From: Harlan Lieberman-Berg <hlieberman@debian.org>
To: 844691-close@bugs.debian.org
Subject: Bug#844691: fixed in ansible 2.2.0.0-4
Date: Sat, 14 Jan 2017 22:19:02 +0000
Source: ansible
Source-Version: 2.2.0.0-4

We believe that the bug you reported is fixed in the latest version of
ansible, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 844691@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Harlan Lieberman-Berg <hlieberman@debian.org> (supplier of updated ansible package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)



Format: 1.8
Date: Sat, 14 Jan 2017 15:30:48 -0500
Source: ansible
Binary: ansible
Architecture: source
Version: 2.2.0.0-4
Distribution: unstable
Urgency: high
Maintainer: Harlan Lieberman-Berg <hlieberman@debian.org>
Changed-By: Harlan Lieberman-Berg <hlieberman@debian.org>
Closes: 844691 847546 850935
Description: 
 ansible    - Configuration management, deployment, and task execution system
Changes:
 ansible (2.2.0.0-4) unstable; urgency=high
 .
   * Commit to git the changelog line I actually used.
   * Cherry-pick patch fixing git module error. (Closes: #850935)
   * Cherry-pick patch fixing python3 + virtualenv problems. (Closes: #847546)
   * Cherry-pick patch fixing CVE-2016-8647 (Closes: #844691)




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Wed, 01 Mar 2017 07:33:22 GMT)



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 18:41:09 2019; Machine Name: beach
