Hello community,
here is the log from the commit of package ansible for openSUSE:Factory checked in at 2020-05-29 21:24:22
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/ansible (Old)
and /work/SRC/openSUSE:Factory/.ansible.new.3606 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "ansible"
Fri May 29 21:24:22 2020 rev:65 rq:810048 version:2.9.9
Changes:
--------
--- /work/SRC/openSUSE:Factory/ansible/ansible.changes 2020-05-28 09:15:26.424702554 +0200
+++ /work/SRC/openSUSE:Factory/.ansible.new.3606/ansible.changes 2020-05-29 21:39:08.302964443 +0200
@@ -1,0 +2,6 @@
+Thu May 28 13:57:38 UTC 2020 - Matej Cepl
+
+- Correct ID of CVE and rename the patch to
+ CVE-2020-1744_avoid_mkdir_p.patch
+
+-------------------------------------------------------------------
@@ -46 +52,2 @@
- - CVE-2020-10684 - code injection when using ansible_facts as a subkey
+ - bsc#1167532 CVE-2020-10684 - code injection when using
+ ansible_facts as a subkey
@@ -521 +528 @@
- * remote home directory * Disallow use of remote home directories that include relative pathing by means of `..` (CVE-2019-3828) (https://github.com/ansible/ansible/pull/52133)
+ * remote home directory * Disallow use of remote home directories that include relative pathing by means of `..` (CVE-2019-3828, bsc#1126503) (https://github.com/ansible/ansible/pull/52133)
@@ -897,0 +905,2 @@
+ + Includes fix for bsc#1099808 (CVE-2018-10875) ansible.cfg is being read
+ from current working directory allowing possible code execution
Old:
----
CVE-2020-1733_avoid_mkdir_p.patch
New:
----
CVE-2020-1744_avoid_mkdir_p.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ ansible.spec ++++++
--- /var/tmp/diff_new_pack.6zmz66/_old 2020-05-29 21:39:08.882966170 +0200
+++ /var/tmp/diff_new_pack.6zmz66/_new 2020-05-29 21:39:08.882966170 +0200
@@ -229,9 +229,9 @@
Source: https://releases.ansible.com/ansible/ansible-%{version}.tar.gz
Source1: https://releases.ansible.com/ansible/ansible-%{version}.tar.gz.sha
Source99: ansible-rpmlintrc
-# PATCH-FIX-UPSTREAM CVE-2020-1733_avoid_mkdir_p.patch bsc#1171823 mcepl@suse.com
+# PATCH-FIX-UPSTREAM CVE-2020-1744_avoid_mkdir_p.patch bsc#1171823 mcepl@suse.com
# gh#ansible/ansible#67791 avoid race condition and insecure directory creation
-Patch0: CVE-2020-1733_avoid_mkdir_p.patch
+Patch0: CVE-2020-1744_avoid_mkdir_p.patch
BuildArch: noarch
# extented documentation
%if 0%{?with_docs}
++++++ CVE-2020-1733_avoid_mkdir_p.patch -> CVE-2020-1744_avoid_mkdir_p.patch ++++++