Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
f843c0da by Salvatore Bonaccorso at 2020-05-31T09:47:58+02:00
CVE-2020-1746/ansible fixed in unstable via 2.9.7 upload
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -31584,11 +31584,12 @@ CVE-2020-1747 (A vulnerability was discovered in the
PyYAML library in versions
[jessie] - pyyaml <not-affected> (Loader/Constructor classes are unsafe
in this version)
NOTE: https://github.com/yaml/pyyaml/pull/386
CVE-2020-1746 (A flaw was found in the Ansible Engine affecting Ansible Engine
versio ...)
- - ansible <unfixed>
+ - ansible 2.9.7+dfsg-1
[stretch] - ansible <not-affected> (Vulnerable code introduced later)
[jessie] - ansible <not-affected> (Vulnerable code introduced later)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1805491
NOTE: https://github.com/ansible/ansible/pull/67866
+ NOTE: Fixed by:
https://github.com/ansible/ansible/commit/d41e38435b1a9e300d8011ac28f16a5add2db119
(v2.9.7)
CVE-2020-1745 (A file inclusion vulnerability was found in the AJP connector
enabled ...)
- undertow 2.0.30-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1807305
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f843c0da94056e3d483d09b2ef46b52502a34785
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f843c0da94056e3d483d09b2ef46b52502a34785
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
