diff options
author | Brian Coca <bcoca@users.noreply.github.com> | 2020-04-08 14:28:51 -0400 |
---|---|---|
committer | Matt Clay <matt@mystile.com> | 2020-04-15 12:47:55 -0700 |
commit | 3c484831f87035db7eeb7ed405f905c134b56a53 (patch) | |
tree | 3b8b2009266847eb5ab7fbe0425609035168d7c5 /changelogs | |
parent | ef32a5bf96a89107986375516285253c1380d7ef (diff) | |
download | ansible-3c484831f87035db7eeb7ed405f905c134b56a53.tar.gz |
fixed fetch traversal from slurp (#68720)
* fixed fetch traversal from slurp
* ignore slurp result for dest
* fixed naming when source is relative
* fixed bug in local connection plugin
* added tests with fake slurp
* moved existing role tests into runme.sh
* normalized on action excepts
* moved dest transform down to when needed
* added is_subpath check
* fixed bug in local connection
fixes #67793
CVE-2019-3828
(cherry picked from commit ba87c225cd13343c35075fe7fc15b4cf1343fed6)
Diffstat (limited to 'changelogs')
-rw-r--r-- | changelogs/fragments/fetch_no_slurp.yml | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/changelogs/fragments/fetch_no_slurp.yml b/changelogs/fragments/fetch_no_slurp.yml new file mode 100644 index 0000000000..c742d40c3b --- /dev/null +++ b/changelogs/fragments/fetch_no_slurp.yml @@ -0,0 +1,2 @@ +bugfixes: + - In fetch action, avoid using slurp return to set up dest, also ensure no dir traversal CVE-2019-3828. |