[Git][security-tracker-team/security-tracker][master] CVE-2019-3828,CVE-2020-1735/ansible: jessie not-affected

Sun, 26 Apr 2020 07:55:43 -0700 


Sylvain Beucler pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
7075ec87 by Sylvain Beucler at 2020-04-26T16:54:13+02:00
CVE-2019-3828,CVE-2020-1735/ansible: jessie not-affected

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -27602,9 +27602,11 @@ CVE-2020-1736 (A flaw was found in Ansible Engine when 
a file is moved using ato
        NOTE: https://github.com/ansible/ansible/issues/67794
 CVE-2020-1735 (A flaw was found in the Ansible Engine when the fetch module is 
used.  ...)
        - ansible <unfixed>
+       [jessie] - ansible <not-affected> (No remote expansion in fetch module)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1802085
        NOTE: https://github.com/ansible/ansible/issues/67793
        NOTE: https://github.com/ansible/ansible/pull/68720
+       NOTE: Introduced in 
https://github.com/ansible/ansible/commit/e47f6137e5b897dec4319e7cb7791fb9b2cffb8d
 (1.8)
 CVE-2020-1734 (A flaw was found in the pipe lookup plugin of ansible. 
Arbitrary comma ...)
        - ansible <unfixed> (unimportant)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1801804
@@ -75859,10 +75861,11 @@ CVE-2019-3829 (A vulnerability was found in gnutls 
versions from 3.5.8 before 3.
 CVE-2019-3828 (Ansible fetch module before versions 2.5.15, 2.6.14, 2.7.8 has 
a path  ...)
        {DSA-4396-1}
        - ansible 2.7.7+dfsg-1 (bug #922537)
-       [jessie] - ansible <not-affected> (Vulnerable code not present)
+       [jessie] - ansible <not-affected> (No remote expansion in fetch module)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1676689
        NOTE: https://github.com/ansible/ansible/pull/52133
-       NOTE: https://github.com/ansible/ansible/pull/68720 (follow-up)
+       NOTE: https://github.com/ansible/ansible/pull/68720 (CVE-2020-1735 
follow-up)
+       NOTE: Introduced in 
https://github.com/ansible/ansible/commit/bc4272d2a26e47418c7d588208482d05a34a34cd
 (1.8)
 CVE-2019-3827 (An incorrect permission check in the admin backend in gvfs 
before vers ...)
        - gvfs 1.38.1-3 (bug #921816)
        [stretch] - gvfs <no-dsa> (Minor issue)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7075ec87574bb92e2412340ab15f32f12e81e16f

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7075ec87574bb92e2412340ab15f32f12e81e16f
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to