509046 – <app-admin/ansible-1.5.5: multiple vulnerabilities

Bug 509046 - <app-admin/ansible-1.5.5: multiple vulnerabilities

Summary: <app-admin/ansible-1.5.5: multiple vulnerabilities

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal minor (vote)
Assignee:	Gentoo Security

URL:
Whiteboard:	B4 [noglsa]
Keywords:

Depends on:	502362
Blocks:
	Show dependency tree

Reported:	2014-04-29 08:40 UTC by Sergey Popov
Modified:	2014-05-03 21:04 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Sergey Popov gentoo-dev

2014-04-29 08:40:07 UTC

Ansible before 1.5.5 creates vault files with insecure umask(https://github.com/ansible/ansible/commit/a0e027fe362fbc209dbeff2f72d6e95f39885c69)

Also, some hardening was added to safe_eval function in 1.5.4(https://github.com/ansible/ansible/commit/998793fd0ab55705d57527a38cee5e83f535974c)

Ebuild for 1.5.5 has been already added to tree, thanks to Justin Lecher.

Current stable version of ansible in tree - 1.5.3. I will call for arch teams a bit later after testing.

Comment 1 Sergey Popov gentoo-dev

2014-05-02 09:15:14 UTC

Ok, sorry for the delay. All tests(both upstream and myself) passed successfully.

Arch teams, please test and mark stable =app-admin/ansible-1.5.5

Target keywords: amd64 x86

Comment 2 Sergey Popov gentoo-dev

2014-05-03 21:03:30 UTC

+  03 May 2014; Sergey Popov <pinkbyte@gentoo.org> -ansible-1.4.3.ebuild,
+  -ansible-1.4.5.ebuild, -ansible-1.5.0.ebuild, -ansible-1.5.3.ebuild,
+  ansible-1.5.5.ebuild:
+  Stable on amd64 and x86, wrt bug #509046. Drop old versions

Ok, stabilizing and cleanup are both done

GLSA vote: no

Comment 3 Mikle Kolyada (RETIRED) archtester

2014-05-03 21:04:49 UTC

GLSA vote: no.

Closing as [noglsa].