Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a1d7570f by Moritz Muehlenhoff at 2021-08-06T13:55:10+02:00
remove some no-dsa entries for issues lined up with next update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -86029,7 +86029,6 @@ CVE-2020-14366 (A vulnerability was found in keycloak, 
where path traversal usin
        NOT-FOR-US: Keycloak
 CVE-2020-14365 (A flaw was found in the Ansible Engine, in ansible-engine 
2.8.x before ...)
        - ansible 2.9.13+dfsg-1
-       [buster] - ansible <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1869154
        NOTE: 
https://github.com/ansible/ansible/commit/1d043e082b3b1f3ad35c803137f5d3bcbae92275
 (v2.9.13)
 CVE-2020-14364 (An out-of-bounds read/write access flaw was found in the USB 
emulator  ...)
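Review bot: Once the `[buster] - ansible <no-dsa> (Minor issue)` line under CVE-2020-14365 is removed, the only status left in the entry is the unstable line `- ansible 2.9.13+dfsg-1`, and neither the entry nor the commit message says which package and suite the "next update" refers to. Suggest naming both in the commit subject (ansible, buster) so the reason for the removal can be found from the package history later.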
@@ -86184,7 +86183,6 @@ CVE-2020-14333 (A flaw was found in Ovirt Engine's web 
interface in ovirt 4.4 an
        NOT-FOR-US: ovirt-engine
 CVE-2020-14332 (A flaw was found in the Ansible Engine when using module_args. 
Tasks e ...)
        - ansible 2.9.13+dfsg-1 (bug #966672)
-       [buster] - ansible <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1857805
        NOTE: https://github.com/ansible/ansible/pull/71033
        NOTE: 
https://github.com/ansible/ansible/commit/6cae9a4b168df776bf82deb04b2c62e00c38b49a
 (v2.9.12)
@@ -86196,7 +86194,6 @@ CVE-2020-14331 (A flaw was found in the Linux 
kernel&#8217;s implementation of t
        NOTE: Only exploitable when CONFIG_VGACON_SOFT_SCROLLBACK is set
 CVE-2020-14330 (An Improper Output Neutralization for Logs flaw was found in 
Ansible w ...)
        - ansible 2.9.13+dfsg-1
-       [buster] - ansible <no-dsa> (Minor issue)
        NOTE: https://github.com/ansible/ansible/issues/68400
        NOTE: Initial fix: https://github.com/ansible/ansible/pull/69653
        NOTE: Complete fix (reverting first and adding more elaborated fix):
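Review bot: The CVE-2020-14330 entry carries two fix NOTEs in its context lines, `Initial fix: https://github.com/ansible/ansible/pull/69653` and `Complete fix (reverting first and adding more elaborated fix):`, so removing the buster no-dsa line here is only correct if the queued buster update includes the complete fix and not just the initial one. Worth confirming against the update's patch set, and keeping the no-dsa line for this CVE if only the initial fix is in it.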
@@ -97324,7 +97321,6 @@ CVE-2020-10730 (A NULL pointer dereference, or possible 
use-after-free flaw was
        NOTE: 
https://git.samba.org/?p=samba.git;a=commitdiff;h=9dd458956d7af1b4bbe505ba2ab72235e81c27d0
 (for ldb)
 CVE-2020-10729 (A flaw was found in the use of insufficiently random values in 
Ansible ...)
        - ansible 2.9.6+dfsg-1
-       [buster] - ansible <no-dsa> (Minor issue)
        [jessie] - ansible <not-affected> (Vulnerable code introduced later, no 
variables template caching)
        NOTE: https://github.com/ansible/ansible/issues/34144
        NOTE: https://github.com/ansible/ansible/pull/67429/
@@ -97506,7 +97502,6 @@ CVE-2020-10686 (A flaw was found in Keycloak version 
8.0.2 and 9.0.0, and was fi
        NOT-FOR-US: Keycloak
 CVE-2020-10685 (A flaw was found in Ansible Engine affecting Ansible Engine 
versions 2 ...)
        - ansible 2.9.7+dfsg-1
-       [buster] - ansible <no-dsa> (Minor issue)
        [jessie] - ansible <not-affected> (Vulnerable code introduced later, 
all decryption in-memory, no transparent file decryption)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1814627
        NOTE: https://github.com/ansible/ansible/pull/68433
@@ -97514,7 +97509,6 @@ CVE-2020-10685 (A flaw was found in Ansible Engine 
affecting Ansible Engine vers
        NOTE: Introduced in 
https://github.com/ansible/ansible/commit/cdf6e3e4bf44fdab62c2e4ccd3f5fd67ea554548
 (2.1)
 CVE-2020-10684 (A flaw was found in Ansible Engine, all versions 2.7.x, 2.8.x 
and 2.9. ...)
        - ansible 2.9.7+dfsg-1
-       [buster] - ansible <no-dsa> (Minor issue)
        [stretch] - ansible <not-affected> (Vulnerable code introduced later, 
'ansible_facts' variable not exposed)
        [jessie] - ansible <not-affected> (Vulnerable code introduced later, 
'ansible_facts' variable not exposed)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1815519
@@ -121456,7 +121450,6 @@ CVE-2020-1754
        RESERVED
 CVE-2020-1753 (A security flaw was found in Ansible Engine, all Ansible 2.7.x 
version ...)
        - ansible 2.9.16+dfsg-1
-       [buster] - ansible <no-dsa> (Minor issue)
        [stretch] - ansible <not-affected> (Vulnerable code introduced later)
        [jessie] - ansible <not-affected> (Vulnerable code introduced later)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1811008
@@ -121499,7 +121492,6 @@ CVE-2020-1747 (A vulnerability was discovered in the 
PyYAML library in versions
        NOTE: https://github.com/yaml/pyyaml/pull/386
 CVE-2020-1746 (A flaw was found in the Ansible Engine affecting Ansible Engine 
versio ...)
        - ansible 2.9.7+dfsg-1
-       [buster] - ansible <no-dsa> (Minor issue)
        [stretch] - ansible <not-affected> (Vulnerable code introduced later)
        [jessie] - ansible <not-affected> (Vulnerable code introduced later)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1805491
@@ -121522,14 +121514,12 @@ CVE-2020-1741 (A flaw was found in 
openshift-ansible. OpenShift Container Platfo
 CVE-2020-1740 (A flaw was found in Ansible Engine when using Ansible Vault for 
editin ...)
        {DLA-2202-1}
        - ansible 2.9.7+dfsg-1
-       [buster] - ansible <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1802193
        NOTE: https://github.com/ansible/ansible/issues/67798
        NOTE: https://github.com/ansible/ansible/pull/68644
 CVE-2020-1739 (A flaw was found in Ansible 2.7.16 and prior, 2.8.8 and prior, 
and 2.9 ...)
        {DLA-2202-1}
        - ansible 2.9.7+dfsg-1
-       [buster] - ansible <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1802178
        NOTE: https://github.com/ansible/ansible/issues/67797
        NOTE: https://github.com/ansible/ansible/pull/67829
@@ -121556,7 +121546,6 @@ CVE-2020-1736 (A flaw was found in Ansible Engine 
when a file is moved using ato
        NOTE: that accept it, cf. 
https://github.com/ansible/ansible/commit/7eec8e4d268d6711f317583974e9e936083de636
 CVE-2020-1735 (A flaw was found in the Ansible Engine when the fetch module is 
used.  ...)
        - ansible 2.9.7+dfsg-1
-       [buster] - ansible <no-dsa> (Minor issue)
        [jessie] - ansible <not-affected> (No remote expansion in fetch module)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1802085
        NOTE: https://github.com/ansible/ansible/issues/67793
@@ -121575,7 +121564,6 @@ CVE-2020-1734 (A flaw was found in the pipe lookup 
plugin of ansible. Arbitrary
 CVE-2020-1733 (A race condition flaw was found in Ansible Engine 2.7.17 and 
prior, 2. ...)
        {DLA-2202-1}
        - ansible 2.9.7+dfsg-1
-       [buster] - ansible <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1801735
        NOTE: https://github.com/ansible/ansible/issues/67791
        NOTE: https://github.com/ansible/ansible/pull/68921
@@ -137843,7 +137831,6 @@ CVE-2019-14905 (A vulnerability was found in Ansible 
Engine versions 2.9.x befor
 CVE-2019-14904 (A flaw was found in the solaris_zone module from the Ansible 
Community ...)
        {DLA-2535-1}
        - ansible 2.9.4+dfsg-1 (low)
-       [buster] - ansible <no-dsa> (Minor issue)
        [jessie] - ansible <not-affected> (Vulnerable module first bundled in 
2.0)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1776944
        NOTE: https://github.com/ansible/ansible/pull/65686
@@ -138057,7 +138044,6 @@ CVE-2019-14865 (A flaw was found in the 
grub2-set-bootflag utility of grub2. A l
        NOTE: Red Hat-specific patch, get added as 
0131-Add-grub-set-bootflag-utility.patch in their SRPM
 CVE-2019-14864 (Ansible, versions 2.9.x before 2.9.1, 2.8.x before 2.8.7 and 
Ansible v ...)
        - ansible 2.9.2+dfsg-1 (low; bug #943768)
-       [buster] - ansible <no-dsa> (Minor issue)
        [stretch] - ansible <not-affected> (Vulnerable code was introduced 
later)
        [jessie] - ansible <not-affected> (Vulnerable code introduced later)
        NOTE: https://github.com/ansible/ansible/issues/63522
@@ -138176,7 +138162,6 @@ CVE-2019-14847 (A flaw was found in samba 4.0.0 
before samba 4.9.15 and samba 4.
 CVE-2019-14846 (In Ansible, all Ansible Engine versions up to ansible-engine 
2.8.5, an ...)
        {DLA-2535-1 DLA-2202-1}
        - ansible 2.8.6+dfsg-1 (low; bug #942188)
-       [buster] - ansible <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1755373
        NOTE: https://github.com/ansible/ansible/pull/63366
        NOTE: 
https://github.com/ansible/ansible/commit/90e74dd2600e5cc42dd9b4f4656f3d651c4ce5c4
@@ -152741,7 +152726,6 @@ CVE-2019-14856 (ansible before versions 2.8.6, 
2.7.14, 2.6.20 is vulnerable to a
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1760829
 CVE-2019-10206 (ansible-playbook -k and ansible cli tools, all versions 2.8.x 
before 2 ...)
        - ansible 2.8.6+dfsg-1 (bug #933005)
-       [buster] - ansible <no-dsa> (Minor issue)
        [jessie] - ansible <not-affected> (Vulnerable code introduced later, 
password templating code introduced with 2.0 refactoring, '{{' supported in 
passwords)
        NOTE: https://github.com/ansible/ansible/pull/59246
        NOTE: 2.8.x https://github.com/ansible/ansible/pull/59552
@@ -152966,7 +152950,6 @@ CVE-2019-10157 (It was found that Keycloak's Node.js 
adapter before version 4.8.
 CVE-2019-10156 (A flaw was discovered in the way Ansible templating was 
implemented in ...)
        {DLA-2535-1 DLA-1923-1}
        - ansible 2.8.3+dfsg-1 (low; bug #930065)
-       [buster] - ansible <no-dsa> (Minor issue)
        NOTE: https://github.com/ansible/ansible/pull/57188
 CVE-2019-10155 (The Libreswan Project has found a vulnerability in the 
processing of I ...)
        - libreswan 3.27-6 (bug #930338)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a1d7570f4971ee5d8f40949607774d1acdee4fbe
