add changelog categories, update CVE fragments to use security_fix category (#69968)

* use security_fix category in changelogs for CVEs

* these fragments do not say CVE but are security fixes

Co-authored-by: Alicia Cozine <acozine@users.noreply.github.com>
pull/70021/head
Alicia Cozine 4 years ago committed by GitHub
parent 9d6b0f2b03
commit f509a22f9d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -7,7 +7,9 @@ new_plugins_after_name: removed_features
sections: sections:
- ['major_changes', 'Major Changes'] - ['major_changes', 'Major Changes']
- ['minor_changes', 'Minor Changes'] - ['minor_changes', 'Minor Changes']
- ['breaking_changes', 'Breaking Changes / Porting Guide']
- ['deprecated_features', 'Deprecated Features'] - ['deprecated_features', 'Deprecated Features']
- ['removed_features', 'Removed Features (previously deprecated)'] - ['removed_features', 'Removed Features (previously deprecated)']
- ['security_fixes', 'Security Fixes']
- ['bugfixes', 'Bugfixes'] - ['bugfixes', 'Bugfixes']
- ['known_issues', 'Known Issues'] - ['known_issues', 'Known Issues']

@ -1,4 +1,4 @@
bugfixes: security_fixes:
- > - >
**security issue** - TaskExecutor - Ensure we don't erase unsafe context in TaskExecutor.run on bytes. **security issue** - TaskExecutor - Ensure we don't erase unsafe context in TaskExecutor.run on bytes.
Only present in 2.9.0beta1 Only present in 2.9.0beta1

@ -1,3 +1,3 @@
bugfixes: security_fixes:
- > - >
**security issue** - Redact cloud plugin secrets in ansible-test when running integration tests using cloud plugins. Only present in 2.9.0b1. **security issue** - Redact cloud plugin secrets in ansible-test when running integration tests using cloud plugins. Only present in 2.9.0b1.

@ -1,4 +1,4 @@
bugfixes: security_fixes:
- > - >
**security issue** - Convert CLI provided passwords to text initially, to **security issue** - Convert CLI provided passwords to text initially, to
prevent unsafe context being lost when converting from bytes->text during prevent unsafe context being lost when converting from bytes->text during

@ -1,2 +1,2 @@
bugfixes: security_fixes:
- In fetch action, avoid using slurp return to set up dest, also ensure no dir traversal CVE-2020-1735. - In fetch action, avoid using slurp return to set up dest, also ensure no dir traversal CVE-2020-1735.

@ -1,2 +1,2 @@
bugfixes: security_fixes:
- ansible-galaxy - Error when install finds a tar with a file that will be extracted outside the collection install directory - CVE-2020-10691 - ansible-galaxy - Error when install finds a tar with a file that will be extracted outside the collection install directory - CVE-2020-10691

@ -1,2 +1,2 @@
bugfixes: security_fixes:
- '**security issue** - properly hide parameters marked with ``no_log`` in suboptions when invalid parameters are passed to the module (CVE-2019-14858)' - '**security issue** - properly hide parameters marked with ``no_log`` in suboptions when invalid parameters are passed to the module (CVE-2019-14858)'

@ -1,2 +1,2 @@
bugfixes: security_fixes:
- Ensure we get an error when creating a remote tmp if it already exists. CVE-2020-1733 - Ensure we get an error when creating a remote tmp if it already exists. CVE-2020-1733

@ -1,4 +1,4 @@
bugfixes: security_fixes:
- > - >
**security issue** - The ``subversion`` module provided the password **security issue** - The ``subversion`` module provided the password
via the svn command line option ``--password`` and can be retrieved via the svn command line option ``--password`` and can be retrieved

@ -1,2 +1,2 @@
bugfixes: security_fixes:
- "**security_issue** - create temporary vault file with strict permissions when editing and prevent race condition (CVE-2020-1740)" - "**security_issue** - create temporary vault file with strict permissions when editing and prevent race condition (CVE-2020-1740)"

@ -1,4 +1,4 @@
bugfixes: security_fixes:
- > - >
**security issue** win_unzip - normalize paths in archive to ensure extracted **security issue** win_unzip - normalize paths in archive to ensure extracted
files do not escape from the target directory (CVE-2020-1737) files do not escape from the target directory (CVE-2020-1737)

Loading…
Cancel
Save