Hi everyone,
In July I prepared and uploaded ansible to bullseye-proposed-updates[0] fixing:
(from previous month)
- CVE-2021-3620
- CVE-2021-3583
- CVE-2022-3697
- CVE-2023-4237
This month:
- CVE-2023-5764
- CVE-2024-0690
CVE-2023-5764 contained a user-visible change so I also documented that in
NEWS.Debian of the package. I also fixed the existing autopkgtests, and added
integration (autopkg)tests that cover the respective code paths that were
touched by the CVE fixes. I was able to forwardport the autopkgtests to unstable
for ansible-core.
During testing I fixed a few cornercases when using ftf[1] VMs with autopkgtest,
and found a rather intricate bug in autopkgtest that I reported in [2].
I fixed a bug in the freexian CLI when displaying available packages. [3]
Thanks to our sponsors for financing this work, and to Freexian for
coordinating!
Regards,
Lee Garrett,
Debian LTS Team
[0] https://bugs.debian.org/1076527
[1] https://gitlab.com/freexian/services/deblts-team/ftf/
[2] https://bugs.debian.org/1076343
[3] https://gitlab.com/freexian/code/pyxian/-/merge_requests/58
