New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[20.03] ansible: v2.9.2 → v2.9.9, v2.8.11 → v2.8.12, v2.7.17 → v2.7.18, mark v2.6 as insecure #88038
Conversation
One remaining issue is that the "Known issues" message for
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for doing this @mweinelt!
The bump to 2.9.9 misses the cherry-picked from
information. Can you repush this?
Regarding the insecure notice, that's a somewhat known issue, I'd consider it out of scope for this PR - and 2.6 was dropped on master anyway to to it being EOL.
Fixes: CVE-2020-10684, CVE-2020-1733, CVE-2020-1735, CVE-2020-1739, CVE-2020-1740 (cherry picked from commit dde1577)
(cherry picked from commit 0dea984)
(cherry picked from commit c0e6848)
(cherry picked from commit 25233a5)
Ansible 2.6 went EOL in 2019/11/06 and several CVEs have since come up.
@flokli Done |
Motivation for this change
Things done
sandbox
innix.conf
on non-NixOS linux)nix-shell -p nixpkgs-review --run "nixpkgs-review wip"
./result/bin/
)nix path-info -S
before and after)