ansible (1.7.2+dfsg-2+deb8u3) jessie-security; urgency=high

  * Non-maintainer upload by the LTS Team.
  * CVE-2020-1740: a flaw was found when using Ansible Vault for editing
    encrypted files. When a user executes "ansible-vault edit", another
    user on the same computer can read the old and new secret, as it is
    created in a temporary file with mkstemp and the returned file
    descriptor is closed and the method write_data is called to write the
    existing secret in the file. This method will delete the file before
    recreating it insecurely.
  * CVE-2020-1739: a flaw was found when a password is set with the
    argument "password" of svn module, it is used on svn command line,
    disclosing to other users within the same node. An attacker could take
    advantage by reading the cmdline file from that particular PID on the
    procfs.
  * CVE-2020-1733: a race condition flaw was found when running a playbook
    with an unprivileged become user. When Ansible needs to run a module
    with become user, the temporary directory is created in /var/tmp. This
    directory is created with "umask 77 && mkdir -p <dir>"; this operation
    does not fail if the directory already exists and is owned by another
    user. An attacker could take advantage to gain control of the become
    user as the target directory can be retrieved by iterating
    '/proc/<pid>/cmdline'.
  * CVE-2019-14846: ansible was logging at the DEBUG level which lead to a
    disclosure of credentials if a plugin used a library that logged
    credentials at the DEBUG level. This flaw does not affect Ansible
    modules, as those are executed in a separate process.

 -- Sylvain Beucler <beuc@debian.org>  Tue, 5 May 2020 15:32:41 +0200

ansible (1.7.2+dfsg-2+deb8u2) jessie-security; urgency=high

  * Non-maintainer upload by the LTS Team.
  * CVE-2015-3908: Fix potential man-in-the-middle attack associated with
    insusfficient X.509 certificate verification.  Ansible did not verify that
    the server hostname matches a domain name in the subject's Common Name (CN)
    or subjectAltName field of the X.509 certificate, which allows
    man-in-the-middle attackers to spoof SSL servers via an arbitrary valid
    certificate.
  * CVE-2015-6240: Fix a symlink attack that allows local users to escape a
    restricted environment (chroot or jail) via a symlink attack.
  * CVE-2018-10875: Fix potential arbitrary code execution resulting from
    reading ansible.cfg from a world-writable current working directory.  This
    condition now causes ansible to emit a warning and ignore the ansible.cfg
    in the world-writable current working directory.
  * CVE-2019-10156: Fix information disclosure through unexpected variable
    substitution. (Closes: #930065)

 -- Roberto C. Sanchez <roberto@debian.org>  Fri, 06 Sep 2019 08:01:41 -0400

ansible (1.7.2+dfsg-2+deb8u1) jessie-security; urgency=high

  * CVE-2018-16837: Fix a potential SSH passphrase disclosure vulnerability.
    The "User" module leaked data that was passed as a parameter to the
    ssh-keygen(1) utility thus revealing any credentials in cleartext form
    in the global process list. (Closes: #912297)

 -- Chris Lamb <lamby@debian.org>  Mon, 12 Nov 2018 11:43:08 +0100

ansible (1.7.2+dfsg-2) unstable; urgency=low

  * Add updated paths to d/copyright.

 -- Harlan Lieberman-Berg <H.LiebermanBerg@gmail.com>  Thu, 02 Oct 2014 17:31:12 -0400

ansible (1.7.2+dfsg-1) unstable; urgency=medium

  * New upstream release.

 -- Harlan Lieberman-Berg <H.LiebermanBerg@gmail.com>  Wed, 24 Sep 2014 16:55:14 -0400

ansible (1.7.1+dfsg-1) unstable; urgency=medium

  * New upstream release.

 -- Harlan Lieberman-Berg <H.LiebermanBerg@gmail.com>  Thu, 14 Aug 2014 20:13:22 -0400

ansible (1.7.0+dfsg-1) unstable; urgency=medium

  * New upstream release.
  * Refresh and remove outdated patches.
  * Add python-selinux to Recommends for SELinux support. (Closes: #757358)

 -- Harlan Lieberman-Berg <H.LiebermanBerg@gmail.com>  Wed, 06 Aug 2014 21:15:22 -0400

ansible (1.6.10+dfsg-1) unstable; urgency=high

  * New upstream release.

 -- Harlan Lieberman-Berg <H.LiebermanBerg@gmail.com>  Fri, 25 Jul 2014 20:00:08 -0400

ansible (1.6.9+dfsg-1) unstable; urgency=medium

  * New upstream release.

 -- Harlan Lieberman-Berg <H.LiebermanBerg@gmail.com>  Fri, 25 Jul 2014 00:06:50 -0400

ansible (1.6.8+dfsg-1) unstable; urgency=medium

  * New upstream release, fixing:
    CVE-2014-4966, CVE-2014-4967.

 -- Harlan Lieberman-Berg <H.LiebermanBerg@gmail.com>  Wed, 23 Jul 2014 01:12:09 -0400

ansible (1.6.6+dfsg-1) unstable; urgency=high

  * New upstream release.

 -- Harlan Lieberman-Berg <H.LiebermanBerg@gmail.com>  Wed, 02 Jul 2014 01:35:05 +0000

ansible (1.6.5+dfsg-1) unstable; urgency=high

  * New upstream release, x2.
  * Switch to using Files-Excluded to repack upstream for DFSG.

 -- Harlan Lieberman-Berg <H.LiebermanBerg@gmail.com>  Wed, 25 Jun 2014 22:03:26 +0000

ansible (1.6.3+dfsg-1) unstable; urgency=medium

  * New upstream release.

 -- Harlan Lieberman-Berg <H.LiebermanBerg@gmail.com>  Tue, 10 Jun 2014 00:23:17 +0000

ansible (1.6.2+dfsg-1) unstable; urgency=medium

  [ Felix Geyer ]
  * Run upstream build tests during the build. (Closes: #749406)

  [ Harlan Lieberman-Berg ]
  * New upstream version.
  * Packaged version from tip of upstream branch release1.6.2 instead of
    tagged version, as it contains a fix needed to prevent FTBFS.

 -- Harlan Lieberman-Berg <H.LiebermanBerg@gmail.com>  Sun, 25 May 2014 17:50:03 +0000

ansible (1.6.1+dfsg-1) unstable; urgency=medium

  * New upstream version.

 -- Harlan Lieberman-Berg <H.LiebermanBerg@gmail.com>  Wed, 07 May 2014 18:49:07 +0000

ansible (1.6.0+dfsg-1) unstable; urgency=medium

  * New upstream version.
  * Remove patches applied upstream.
  * Fix manpage warning.

 -- Harlan Lieberman-Berg <H.LiebermanBerg@gmail.com>  Tue, 06 May 2014 03:07:30 +0000

ansible (1.5.5+dfsg-1) unstable; urgency=medium

  * New upstream version 1.5.5, security update.
  * d/control: Add myself to Uploaders to silence Lintian
  * Refresh patches for new version.  Add DEP-3 headers to one patch.

 -- Harlan Lieberman-Berg <H.LiebermanBerg@gmail.com>  Mon, 21 Apr 2014 16:51:47 -0400

ansible (1.5.4+dfsg-1) unstable; urgency=medium

  * Pull missing manpages from upstream development branch.
  * New upstream version 1.5.4, security update.
  * Add patch to correct directory_mode functionality. (Closes: #743027)

 -- Harlan Lieberman-Berg <H.LiebermanBerg@gmail.com>  Tue, 01 Apr 2014 22:00:24 -0400

ansible (1.5.3+dfsg-1) unstable; urgency=low

  [ Harlan Lieberman-Berg ]
  * New upstream version.
  * Update Ansible homepage URL.
  * Add FontAwesome to d/copyright, remove non-existant files.
  * Refresh all patches, removing some related to documentation.
  * Add new dependency on python-crypto.

  [ Michael Vogt ]
  * add "sshpass" to Suggests
  * add "openssh-client | python-paramiko" to depends

 -- Michael Vogt <mvo@debian.org>  Tue, 18 Mar 2014 14:33:23 +0100

ansible (1.4.5+dfsg-1) unstable; urgency=medium

  * New upstream release

 -- Michael Vogt <mvo@debian.org>  Thu, 20 Feb 2014 08:58:14 +0100

ansible (1.4.4+dfsg-1) unstable; urgency=low

  * New upstream release

 -- Michael Vogt <mvo@debian.org>  Tue, 07 Jan 2014 19:58:44 +0100

ansible (1.4.3+dfsg-2) unstable; urgency=low

  * add "Suggests: ansible-doc" to the dependency, thanks to
    Ben Finney (closes: #729350)
  * Fix Vcs-Browser, thanks to Alessandro Ghedini
    (closes: #731482)

 -- Michael Vogt <mvo@debian.org>  Tue, 07 Jan 2014 10:58:44 +0100

ansible (1.4.3+dfsg-1) unstable; urgency=low

  * New upstream release

 -- Michael Vogt <mvo@debian.org>  Fri, 27 Dec 2013 09:48:35 +0100

ansible (1.4.1+dfsg-1) unstable; urgency=low

  * New upstream version
  * add asciidoc build-depends

 -- Michael Vogt <mvo@debian.org>  Tue, 03 Dec 2013 08:17:05 +0100

ansible (1.4.0+dfsg-1) unstable; urgency=low

  * new upstream version
  * debian/rules:
    - remove sed manpage fixes, fixed upstream
  * debian/patches/fix-html-makefile:
    - removed, fixed upstream

 -- Michael Vogt <mvo@debian.org>  Sun, 24 Nov 2013 10:41:27 +0100

ansible (1.3.4+dfsg-1) unstable; urgency=low

  [ Harlan Lieberman-Berg ]
  * New upstream release (Closes: #717777).
    Fixes CVE-2013-2233 (Closes: #714822).
    Fixes CVE-2013-4259 (Closes: #721766).
  * Drop fix-ansible-cfg patch.
  * Change docsite generation to not expect docs as part of a wordpress install.
  * Add trivial patch to fix lintian error with rpm-key script.
  * Add patch header information to fix-html-makefile.
  
  [ Michael Vogt ]
  * add myself to uploader
  * build/ship the module manpages for ansible in the ansible package

 -- Michael Vogt <mvo@debian.org>  Fri, 01 Nov 2013 09:40:59 +0100

ansible (1.2.1+dfsg-1) unstable; urgency=low

  * New upstream release.
  * Drop remove-external-training-references.patch

 -- Michael Vogt <mvo@debian.org>  Sat, 13 Jul 2013 21:40:49 +0200

ansible (1.1+dfsg-1) unstable; urgency=low

  * New upstream release.
  * Update patches disable-google-analytics.patch and 
    remove-external-image.patch to apply cleanly.
  * Add remove-external-footer-image.patch to remove link on external resource.
  * Add remove-external-training-references.patch:
    Training advertise contains links to external resources that may not be
    available or may be used for tracking users activity without their
    knowledge by the third-party.

 -- Janos Guljas <janos@debian.org>  Sat, 06 Apr 2013 23:27:08 +0200

ansible (0.9+dfsg-1) unstable; urgency=low

  * Initial release. (Closes: #698428)

 -- Janos Guljas <janos@debian.org>  Wed, 23 Jan 2013 01:52:40 +0100