1
0
Fork 1
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-12-25 03:17:13 +00:00
nixpkgs/pkgs/tools/admin
Andreas Rammhold 64e2791092 ansible_2_7: 2.7.11 -> 2.7.15
This fixes the following security issues:
  * Ansible: Splunk and Sumologic callback plugins leak sensitive data
    in logs (CVE-2019-14864)
  * CVE-2019-14846 - Several Ansible plugins could disclose aws
    credentials in log files. inventory/aws_ec2.py, inventory/aws_rds.py,
    lookup/aws_account_attribute.py, and lookup/aws_secret.py,
    lookup/aws_ssm.py use the boto3 library from the Ansible process. The
    boto3 library logs credentials at log level DEBUG. If Ansible's
    logging was enabled (by setting LOG_PATH to a value) Ansible would set
    the global log level to DEBUG. This was inherited by boto and would
    then log boto credentials to the file specified by LOG_PATH. This did
    not affect aws ansible modules as those are executed in a separate
    process. This has been fixed by switching to log level INFO
  * Convert CLI provided passwords to text initially, to prevent unsafe
    context being lost when converting from bytes->text during post
    processing of PlayContext. This prevents CLI provided passwords from
    being incorrectly templated (CVE-2019-14856)
  * properly hide parameters marked with no_log in suboptions when invalid
    parameters are passed to the module (CVE-2019-14858)
  * resolves CVE-2019-10206, by avoiding templating passwords from
    prompt as it is probable they have special characters.
  * Handle improper variable substitution that was happening in
    safe_eval, it was always meant to just do 'type enforcement' and have
    Jinja2 deal with all variable interpolation. Also see CVE-2019-10156

Changelog: 0623dedf2d/changelogs/CHANGELOG-v2.7.rst (v2-7-15)
2019-12-15 21:24:59 +01:00
..
acme.sh
adtool
amazon-ecr-credential-helper
analog
ansible ansible_2_7: 2.7.11 -> 2.7.15 2019-12-15 21:24:59 +01:00
aws-env
aws-google-auth aws-google-auth: 0.0.32 -> 0.0.33 2019-11-25 00:08:56 -08:00
aws-rotate-key
aws-vault
aws_shell
awscli awscli: remove unnecessary override on python prompt_toolkit 2019-12-07 19:17:55 +01:00
awslogs
awsweeper awsweeper: init at 0.4.1 2019-12-08 04:20:00 -05:00
azure-cli azure-cli: freeze azure-mgmt-recoveryservicesbackup 2019-12-10 18:28:21 -08:00
berglas
bluemix-cli
boulder
bubblewrap
certbot
certigo
chkcrontab
clair
cli53
daemontools
dehydrated
docker-credential-gcr
eksctl eksctl: 0.11.0 -> 0.11.1 2019-12-06 21:03:24 +08:00
elasticsearch-curator
fastlane
fbvnc fbvnc: init at 1.0.2 2019-11-25 10:29:03 +01:00
gixy
google-cloud-sdk
gtk-vnc
iamy
intecture
lego lego: 3.0.2 -> 3.2.0 2019-11-28 00:28:19 -05:00
lxd
mycli
nomachine-client
oxidized
pebble
procs procs: 0.8.13 -> 0.8.16 2019-12-09 04:20:00 -05:00
pulumi
salt
scaleway-cli
sec
sewer
simp_le
ssl-cert-check
swiftclient
tigervnc tigervnc: add perl to buildInputs (#75367) 2019-12-14 18:06:01 +01:00
tightvnc
virtscreen
vncdo