ansible (2.2.1.0-2+deb9u3) stretch-security; urgency=medium

  * Fix CVE-2019-10206:
    ansible-playbook -k and ansible cli tools, all versions 2.8.x before 2.8.4,
    all 2.7.x before 2.7.13 and all 2.6.x before 2.6.19, prompt passwords by
    expanding them from templates as they could contain special characters.
    Passwords should be wrapped to prevent templates trigger and exposing them.
  * Fix CVE-2019-14856:
    This fixes a regression introduced by the fix of CVE-2019-10206.
  * Fix CVE-2020-10684:
    A flaw was found in Ansible Engine, all versions 2.7.x, 2.8.x and 2.9.x
    prior to 2.7.17, 2.8.9 and 2.9.6 respectively, when using ansible_facts as
    a subkey of itself and promoting it to a variable when inject is enabled,
    overwriting the ansible_facts after the clean. An attacker could take
    advantage of this by altering the ansible_facts, such as ansible_hosts,
    users and any other key data which would lead into privilege escalation 
    or code injection.

 -- Lee Garrett <debian@rocketjump.eu>  Thu, 03 Feb 2022 18:34:23 +0100

ansible (2.2.1.0-2+deb9u2) stretch-security; urgency=high

  * Non-maintainer upload by the LTS team.
  * Fix CVE-2017-7481:
    Ansible fails to properly mark lookup-plugin results as unsafe. If an
    attacker could control the results of lookup() calls, they could inject
    Unicode strings to be parsed by the jinja2 templating system, resulting in
    code execution. By default, the jinja2 templating language is now marked as
    'unsafe' and is not evaluated.
  * Fix CVE-2019-10156:
    A flaw was discovered in the way Ansible templating was implemented,
    causing the possibility of information disclosure through unexpected
    variable substitution. By taking advantage of unintended variable
    substitution the content of any variable may be disclosed.
  * Fix CVE-2019-14846:
    Ansible was logging at the DEBUG level which lead to a disclosure of
    credentials if a plugin used a library that logged credentials at the DEBUG
    level. This flaw does not affect Ansible modules, as those are executed in
    a separate process.
  * Fix CVE-2019-14904:
    A flaw was found in the solaris_zone module from the Ansible Community
    modules. When setting the name for the zone on the Solaris host, the zone
    name is checked by listing the process with the 'ps' bare command on the
    remote machine. An attacker could take advantage of this flaw by crafting
    the name of the zone and executing arbitrary commands in the remote host.

 -- Markus Koschany <apo@debian.org>  Wed, 27 Jan 2021 16:24:29 +0100

ansible (2.2.1.0-2+deb9u1) stretch-security; urgency=high

  * Add patch to fix CVE 2018-10855.
  * Add patch to fix CVE 2018-16837.
  * Add patch to fix CVE 2018-10875.
  * Add patch to fix CVE 2018-16876.
  * Add patch to fix CVE 2019-3828.

 -- Lee Garrett <debian@rocketjump.eu>  Mon, 11 Feb 2019 00:11:51 +0100

ansible (2.2.1.0-2) unstable; urgency=medium

  * Add patch to fix CVE-2017-7466.

 -- Harlan Lieberman-Berg <hlieberman@debian.org>  Wed, 12 Apr 2017 00:56:30 -0400

ansible (2.2.1.0-1) unstable; urgency=medium

  * New upstream release
  * Remove following patches, applied upstream:
    - fix_CVE-2016-8647.patch
    - fix_pip_venv.patch
    - fix_UnboundedLocalError.patch
    - fix-cve-2016-9587.patch
  * Add myself to uploaders.

 -- Lee Garrett <debian@rocketjump.eu>  Sat, 21 Jan 2017 21:27:15 +0100

ansible (2.2.0.0-4) unstable; urgency=high

  * Commit to git the changelog line I actually used.
  * Cherry-pick patch fixing git module error. (Closes: #850935)
  * Cherry-pick patch fixing python3 + virtualenv problems. (Closes: #847546)
  * Cherry-pick patch fixing CVE-2016-8647 (Closes: #844691)

 -- Harlan Lieberman-Berg <hlieberman@debian.org>  Sat, 14 Jan 2017 15:30:48 -0500

ansible (2.2.0.0-3) unstable; urgency=high

  * Apply additional fixes for CVE-2016-9587 (Closes: #850846)

 -- Harlan Lieberman-Berg <hlieberman@debian.org>  Fri, 13 Jan 2017 21:17:56 -0500

ansible (2.2.0.0-2) unstable; urgency=high

  * Cherry-pick patch to fix CVE-2016-9587 (Closes: #850846)

 -- Harlan Lieberman-Berg <hlieberman@debian.org>  Tue, 10 Jan 2017 20:14:07 -0500

ansible (2.2.0.0-1) unstable; urgency=medium

  * New upstream release: (Closes: #843763)
    - CVE-2016-8628 (Closes: #842985)
    - CVE-2016-8614 (Closes: #842984)
  * Add python-kerberos, python-winrm, python-xmltodict to Recommends, needed
    to manage Windows hosts. (Closes: #843995)
  * Suggest cowsay (Closes: #834056)

 -- Lee Garrett <debian@rocketjump.eu>  Fri, 25 Nov 2016 20:52:24 +0100

ansible (2.1.1.0-1) unstable; urgency=medium

  * New upstream release.
  * Update cme copyright helper files.
  * Drop ansible-*fireball, as it is no longer supported.

 -- Harlan Lieberman-Berg <hlieberman@debian.org>  Sun, 31 Jul 2016 22:02:59 -0400

ansible (2.1.0.0-1) unstable; urgency=medium

  * New upstream release. (Closes: #826927, #814371)
  * Update d/copyright; add cme hinting files.
  * Bump S-V; no changes required
  * Add manpage for ansible-console.

 -- Harlan Lieberman-Berg <hlieberman@debian.org>  Sun, 12 Jun 2016 21:12:05 -0400

ansible (2.0.2.0-1) unstable; urgency=medium

  * New upstream release
  * Remove patches applied upstream
  * Change maintainer from Janos to me

 -- Harlan Lieberman-Berg <hlieberman@debian.org>  Tue, 19 Apr 2016 22:31:25 -0400

ansible (2.0.1.0-2) unstable; urgency=medium

  * Backport patches to fix vulns in lxc plugin (Closes: #819676)
  * Update my email address

 -- Harlan Lieberman-Berg <hlieberman@debian.org>  Sun, 10 Apr 2016 18:37:37 -0400

ansible (2.0.1.0-1) unstable; urgency=medium

  * New upstream release.
  * Fix Vcs-git URI.
  * Bump standards version.

 -- Harlan Lieberman-Berg <hlieberman@setec.io>  Thu, 25 Feb 2016 23:03:33 -0500

ansible (2.0.0.2-2) unstable; urgency=medium

  * Migrate to unstable.
  * Switch Vcs-git to https.

 -- Harlan Lieberman-Berg <hlieberman@setec.io>  Mon, 08 Feb 2016 07:15:41 -0500

ansible (2.0.0.2-1) experimental; urgency=medium

  * New upstream version.

 -- Harlan Lieberman-Berg <hlieberman@setec.io>  Fri, 15 Jan 2016 20:15:26 -0500

ansible (2.0.0.1-1) experimental; urgency=medium

  * New upstream version.
  * Fix up d/control's spacing, ordering.
  * Extensive update of d/copyright with cme.

 -- Harlan Lieberman-Berg <hlieberman@setec.io>  Tue, 12 Jan 2016 22:56:34 -0500

ansible (1.9.4-1) unstable; urgency=medium

  * New upstream version.

 -- Harlan Lieberman-Berg <hlieberman@setec.io>  Sat, 10 Oct 2015 17:51:09 -0400

ansible (1.9.3-1) unstable; urgency=medium

  * New upstream version.

 -- Harlan Lieberman-Berg <hlieberman@setec.io>  Thu, 03 Sep 2015 21:06:03 -0400

ansible (1.9.2+dfsg-2) unstable; urgency=low

  * Fix suggestion of no-longer-built ansible-doc. (Closes: #795532)
    .
    Ansible used to ship their website which contained the manual for using ansible
    and learning it.  They no longer ship this in released versions, thus ansible-doc
    was removed.

 -- Harlan Lieberman-Berg <H.LiebermanBerg@gmail.com>  Sat, 15 Aug 2015 09:29:31 +0200

ansible (1.9.2+dfsg-1) unstable; urgency=medium

  * New upstream version. (Closes: #773526)
  * Add dependency on python-netaddr (Closes: #790234)
  * Heavy refactoring due to upstream release changes
  * New, comprehensive d/copyright.

 -- Harlan Lieberman-Berg <H.LiebermanBerg@gmail.com>  Sat, 27 Jun 2015 23:12:55 -0400

ansible (1.7.2+dfsg-2) unstable; urgency=low

  * Add updated paths to d/copyright.

 -- Harlan Lieberman-Berg <H.LiebermanBerg@gmail.com>  Thu, 02 Oct 2014 17:31:12 -0400

ansible (1.7.2+dfsg-1) unstable; urgency=medium

  * New upstream release.

 -- Harlan Lieberman-Berg <H.LiebermanBerg@gmail.com>  Wed, 24 Sep 2014 16:55:14 -0400

ansible (1.7.1+dfsg-1) unstable; urgency=medium

  * New upstream release.

 -- Harlan Lieberman-Berg <H.LiebermanBerg@gmail.com>  Thu, 14 Aug 2014 20:13:22 -0400

ansible (1.7.0+dfsg-1) unstable; urgency=medium

  * New upstream release.
  * Refresh and remove outdated patches.
  * Add python-selinux to Recommends for SELinux support. (Closes: #757358)

 -- Harlan Lieberman-Berg <H.LiebermanBerg@gmail.com>  Wed, 06 Aug 2014 21:15:22 -0400

ansible (1.6.10+dfsg-1) unstable; urgency=high

  * New upstream release.

 -- Harlan Lieberman-Berg <H.LiebermanBerg@gmail.com>  Fri, 25 Jul 2014 20:00:08 -0400

ansible (1.6.9+dfsg-1) unstable; urgency=medium

  * New upstream release.

 -- Harlan Lieberman-Berg <H.LiebermanBerg@gmail.com>  Fri, 25 Jul 2014 00:06:50 -0400

ansible (1.6.8+dfsg-1) unstable; urgency=medium

  * New upstream release, fixing:
    CVE-2014-4966, CVE-2014-4967.

 -- Harlan Lieberman-Berg <H.LiebermanBerg@gmail.com>  Wed, 23 Jul 2014 01:12:09 -0400

ansible (1.6.6+dfsg-1) unstable; urgency=high

  * New upstream release.

 -- Harlan Lieberman-Berg <H.LiebermanBerg@gmail.com>  Wed, 02 Jul 2014 01:35:05 +0000

ansible (1.6.5+dfsg-1) unstable; urgency=high

  * New upstream release, x2.
  * Switch to using Files-Excluded to repack upstream for DFSG.

 -- Harlan Lieberman-Berg <H.LiebermanBerg@gmail.com>  Wed, 25 Jun 2014 22:03:26 +0000

ansible (1.6.3+dfsg-1) unstable; urgency=medium

  * New upstream release.

 -- Harlan Lieberman-Berg <H.LiebermanBerg@gmail.com>  Tue, 10 Jun 2014 00:23:17 +0000

ansible (1.6.2+dfsg-1) unstable; urgency=medium

  [ Felix Geyer ]
  * Run upstream build tests during the build. (Closes: #749406)

  [ Harlan Lieberman-Berg ]
  * New upstream version.
  * Packaged version from tip of upstream branch release1.6.2 instead of
    tagged version, as it contains a fix needed to prevent FTBFS.

 -- Harlan Lieberman-Berg <H.LiebermanBerg@gmail.com>  Sun, 25 May 2014 17:50:03 +0000

ansible (1.6.1+dfsg-1) unstable; urgency=medium

  * New upstream version.

 -- Harlan Lieberman-Berg <H.LiebermanBerg@gmail.com>  Wed, 07 May 2014 18:49:07 +0000

ansible (1.6.0+dfsg-1) unstable; urgency=medium

  * New upstream version.
  * Remove patches applied upstream.
  * Fix manpage warning.

 -- Harlan Lieberman-Berg <H.LiebermanBerg@gmail.com>  Tue, 06 May 2014 03:07:30 +0000

ansible (1.5.5+dfsg-1) unstable; urgency=medium

  * New upstream version 1.5.5, security update.
  * d/control: Add myself to Uploaders to silence Lintian
  * Refresh patches for new version.  Add DEP-3 headers to one patch.

 -- Harlan Lieberman-Berg <H.LiebermanBerg@gmail.com>  Mon, 21 Apr 2014 16:51:47 -0400

ansible (1.5.4+dfsg-1) unstable; urgency=medium

  * Pull missing manpages from upstream development branch.
  * New upstream version 1.5.4, security update.
  * Add patch to correct directory_mode functionality. (Closes: #743027)

 -- Harlan Lieberman-Berg <H.LiebermanBerg@gmail.com>  Tue, 01 Apr 2014 22:00:24 -0400

ansible (1.5.3+dfsg-1) unstable; urgency=low

  [ Harlan Lieberman-Berg ]
  * New upstream version.
  * Update Ansible homepage URL.
  * Add FontAwesome to d/copyright, remove non-existant files.
  * Refresh all patches, removing some related to documentation.
  * Add new dependency on python-crypto.

  [ Michael Vogt ]
  * add "sshpass" to Suggests
  * add "openssh-client | python-paramiko" to depends

 -- Michael Vogt <mvo@debian.org>  Tue, 18 Mar 2014 14:33:23 +0100

ansible (1.4.5+dfsg-1) unstable; urgency=medium

  * New upstream release

 -- Michael Vogt <mvo@debian.org>  Thu, 20 Feb 2014 08:58:14 +0100

ansible (1.4.4+dfsg-1) unstable; urgency=low

  * New upstream release

 -- Michael Vogt <mvo@debian.org>  Tue, 07 Jan 2014 19:58:44 +0100

ansible (1.4.3+dfsg-2) unstable; urgency=low

  * add "Suggests: ansible-doc" to the dependency, thanks to
    Ben Finney (closes: #729350)
  * Fix Vcs-Browser, thanks to Alessandro Ghedini
    (closes: #731482)

 -- Michael Vogt <mvo@debian.org>  Tue, 07 Jan 2014 10:58:44 +0100

ansible (1.4.3+dfsg-1) unstable; urgency=low

  * New upstream release

 -- Michael Vogt <mvo@debian.org>  Fri, 27 Dec 2013 09:48:35 +0100

ansible (1.4.1+dfsg-1) unstable; urgency=low

  * New upstream version
  * add asciidoc build-depends

 -- Michael Vogt <mvo@debian.org>  Tue, 03 Dec 2013 08:17:05 +0100

ansible (1.4.0+dfsg-1) unstable; urgency=low

  * new upstream version
  * debian/rules:
    - remove sed manpage fixes, fixed upstream
  * debian/patches/fix-html-makefile:
    - removed, fixed upstream

 -- Michael Vogt <mvo@debian.org>  Sun, 24 Nov 2013 10:41:27 +0100

ansible (1.3.4+dfsg-1) unstable; urgency=low

  [ Harlan Lieberman-Berg ]
  * New upstream release (Closes: #717777).
    Fixes CVE-2013-2233 (Closes: #714822).
    Fixes CVE-2013-4259 (Closes: #721766).
  * Drop fix-ansible-cfg patch.
  * Change docsite generation to not expect docs as part of a wordpress install.
  * Add trivial patch to fix lintian error with rpm-key script.
  * Add patch header information to fix-html-makefile.

  [ Michael Vogt ]
  * add myself to uploader
  * build/ship the module manpages for ansible in the ansible package

 -- Michael Vogt <mvo@debian.org>  Fri, 01 Nov 2013 09:40:59 +0100

ansible (1.2.1+dfsg-1) unstable; urgency=low

  * New upstream release.
  * Drop remove-external-training-references.patch

 -- Michael Vogt <mvo@debian.org>  Sat, 13 Jul 2013 21:40:49 +0200

ansible (1.1+dfsg-1) unstable; urgency=low

  * New upstream release.
  * Update patches disable-google-analytics.patch and
    remove-external-image.patch to apply cleanly.
  * Add remove-external-footer-image.patch to remove link on external resource.
  * Add remove-external-training-references.patch:
    Training advertise contains links to external resources that may not be
    available or may be used for tracking users activity without their
    knowledge by the third-party.

 -- Janos Guljas <janos@debian.org>  Sat, 06 Apr 2013 23:27:08 +0200

ansible (0.9+dfsg-1) unstable; urgency=low

  * Initial release. (Closes: #698428)

 -- Janos Guljas <janos@debian.org>  Wed, 23 Jan 2013 01:52:40 +0100
