Upgrade to ansible 1.9.2 when released
Bug #1466216 reported by
Ian Cordasco
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack-Ansible |
Fix Released
|
High
|
Tom Cameron | ||
Kilo |
Fix Released
|
High
|
Tom Cameron | ||
Trunk |
Fix Released
|
High
|
Tom Cameron |
Bug Description
Ansible 1.9.2 (unreleased) fixed a CVE-2015-3908 that affected usage of get_url. The vulnerability is related to allowing an HTTPS connection to be MITM'd.
CVE References
Changed in openstack-ansible: | |
milestone: | none → 11.0.4 |
Changed in openstack-ansible: | |
assignee: | nobody → Tom Cameron (tom-cameron) |
Changed in openstack-ansible: | |
status: | Triaged → In Progress |
tags: | added: security |
To post a comment you must log in.
Looks like 1.9.2-1 was just released, if we can get that in it would be most excellent.