ansible assigned

Salvatore Bonaccorso Sat, 12 Oct 2019 00:07:49 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
a5995a7b by Salvatore Bonaccorso at 2019-10-12T07:05:43Z
CVE-2019-14856/ansible assigned

The CVE is not affecting Debian as we never landed a fix for
CVE-2019-10206 itself (and CVE-2019-14856 is assigned for an incomplete
fix).

Annotate entry for CVE-2019-10206 to make sure the fix will be made
complete and not open CVE-2019-14856.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -7320,8 +7320,6 @@ CVE-2019-14857
        NOTE: 
https://github.com/zmartzone/mod_auth_openidc/commit/ce37080c6aea30aabae8b4a9b4eea7808445cc8e
        NOTE: https://github.com/zmartzone/mod_auth_openidc/pull/451
        NOTE: 
https://groups.google.com/forum/#!topic/mod_auth_openidc/boy1Ba3Gdk4
-CVE-2019-14856
-       RESERVED
 CVE-2019-14855
        RESERVED
 CVE-2019-14854
@@ -21245,6 +21243,10 @@ CVE-2019-10207 [bluetooth: hci_uart: 0x0 address  
execution as nonprivileged use
        NOTE: https://www.openwall.com/lists/oss-security/2019/07/25/1
        NOTE: 
https://lore.kernel.org/linux-bluetooth/[email protected]/T/#u
        NOTE: 
https://git.kernel.org/linus/b36a1552d7319bbfd5cf7f08726c23c5c66d4f73
+CVE-2019-14856 [Incomplete fix for CVE-2019-10206]
+       - ansible <not-affected> (Incomplete fix for CVE-2019-10206 not applied)
+       NOTE: https://github.com/ansible/ansible/pull/63351
+       NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1760829
 CVE-2019-10206 [disclosure data when prompted for password and template 
characters are passed]
        RESERVED
        - ansible <unfixed> (bug #933005)
@@ -21255,6 +21257,9 @@ CVE-2019-10206 [disclosure data when prompted for 
password and template characte
        NOTE: 2.8.x https://github.com/ansible/ansible/pull/59552
        NOTE: 2.7.x https://github.com/ansible/ansible/pull/59553
        NOTE: 2.6.x https://github.com/ansible/ansible/pull/59554
+       NOTE: When fixing this issue is needed to make the fix complete with
+       NOTE: https://github.com/ansible/ansible/pull/63351 to not open
+       NOTE: CVE-2019-14856.
 CVE-2019-10205
        RESERVED
        NOT-FOR-US: Red Hat Quay



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/a5995a7be1382af07274480df7fcbb47adbcedc9

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/a5995a7be1382af07274480df7fcbb47adbcedc9
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] CVE-2019-14856/ansible assigned

Reply via email to