From ${URL} :

Ansible versions before 1.9.2 are vulnerable to a symlink attack that enables a malicious zone/chroot/jail managed by ansible to escape into the managing host.

Upstream commits that fix this issue:
https://github.com/ansible/ansible/commit/548a7288a90c49e9b50ccf197da307eae525b899
https://github.com/ansible/ansible/commit/270be6a6f5852c5563976f060c80eff64decc89c
https://github.com/ansible/ansible/commit/952166f48eb0f5797b75b160fd156bbe1e8fc647
https://github.com/ansible/ansible/commit/0777d025051bf5cf3092aa79a9e6b67cec7064dd
https://github.com/ansible/ansible/commit/ca2f2c4ebd7b5e097eab0a710f79c1f63badf95b

CVE request:
http://seclists.org/oss-sec/2015/q3/105

External References:
https://github.com/ansible/ansible

@maintainer(s): since the fixed package is already in the tree, please let us know if it is ready for the stabilization or not.
Arches, please test and mark stable
=app-admin/ansible-1.9.2
Target keywords: amd64 x86
amd64/x86 stable
GLSA vote: no
GLSA vote: no.
Maintainer(s), please drop the vulnerable version(s).
Cleanup is done