Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
2a1939d3 by Salvatore Bonaccorso at 2019-09-08T13:14:55Z
Update information on CVE-2019-10217/ansible
The GCP IAM role was only introduced in the 2.8 series and not
backported to older brnaches. The GCP IAM role addition introduces the
problematic load.
Mark stretch and buster as not affected.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -17156,9 +17156,13 @@ CVE-2019-10218
CVE-2019-10217
RESERVED
- ansible <unfixed> (bug #934128)
+ [buster] - ansible <not-affected> (Vulnerable code introduced later)
+ [stretch] - ansible <not-affected> (Vulnerable code introduced later)
[jessie] - ansible <not-affected> (vulnerable code introduced later)
NOTE: https://github.com/ansible/ansible/issues/56269
NOTE: https://github.com/ansible/ansible/pull/59427
+ NOTE: Introduced by:
https://github.com/ansible/ansible/commit/08918c6c2bcd73eb40b89af31736d3fcbe55e75a
(v2.8.0a1)
+ NOTE: Fixed by:
https://github.com/ansible/ansible/commit/c1ee1f142db1e669b710a65147ea32be47a91519
CVE-2019-10216 [-dSAFER escape via .buildfont1]
RESERVED
{DSA-4499-1 DLA-1880-1}
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/2a1939d3fd8d1799784b089303498742cbb29e55
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/2a1939d3fd8d1799784b089303498742cbb29e55
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
