[stable-2.9] Don't show params when there is an issue with `set_option(s)` (#75805). (#75810)

(cherry picked from commit 79e9dae29212a88aa60122ca6bd608947399017f) Co-authored-by: Matt Martz <matt@sivel.net>
author: Matt Martz <matt@sivel.net> 2021-09-29 11:54:56 -0500
committer: GitHub <noreply@github.com> 2021-09-29 11:54:56 -0500
commit: 555d1fb64d89d706c2e749c5551c089d6873acd5 (patch)
tree: 4672381aae631f796773cadd81aa9266de120d98 /changelogs
parent: d4f96531d9bec481cf24fee36b517f6a8a86f2f3 (diff)
download: ansible-555d1fb64d89d706c2e749c5551c089d6873acd5.tar.gz
1 files changed, 5 insertions, 0 deletions
diff --git a/changelogs/fragments/avoid-set_options-leak.yaml b/changelogs/fragments/avoid-set_options-leak.yaml
new file mode 100644
index 0000000000..9680f444e6
--- /dev/null
+++ b/changelogs/fragments/avoid-set_options-leak.yaml
@@ -0,0 +1,5 @@
+---
+security_fixes:
+  - Do not include params in exception when a call to ``set_options`` fails.
+    Additionally, block the exception that is returned from being displayed to stdout.
+    (CVE-2021-3620)
author	Matt Martz <matt@sivel.net>	2021-09-29 11:54:56 -0500
committer	GitHub <noreply@github.com>	2021-09-29 11:54:56 -0500
commit	555d1fb64d89d706c2e749c5551c089d6873acd5 (patch)
tree	4672381aae631f796773cadd81aa9266de120d98 /changelogs
parent	d4f96531d9bec481cf24fee36b517f6a8a86f2f3 (diff)
download	ansible-555d1fb64d89d706c2e749c5551c089d6873acd5.tar.gz