Ola Lundqvist pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ef189a3b by Ola Lundqvist at 2020-01-19T22:40:20+01:00
Noted that all open CVEs on ansible are marked as no-dsa for Buster and 
Stretch. No reason to treat Jessie differently.

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -29469,12 +29469,14 @@ CVE-2019-14905 [malicious code could craft filename 
in nxos_file_copy module]
        - ansible <unfixed> (low)
        [buster] - ansible <no-dsa> (Minor issue)
        [stretch] - ansible <no-dsa> (Minor issue)
+       [jessie] - ansible <ignored> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1776943
 CVE-2019-14904 [vulnerability in solaris_zone module via crafted solaris zone]
        RESERVED
        - ansible <unfixed> (low)
        [buster] - ansible <no-dsa> (Minor issue)
        [stretch] - ansible <no-dsa> (Minor issue)
+       [jessie] - ansible <ignored> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1776944
 CVE-2019-14903
        RESERVED
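
Review bot: The two added [jessie] lines (CVE-2019-14905 and CVE-2019-14904) use <ignored>, while the buster and stretch lines directly above them use <no-dsa> and the commit message argues that jessie should not be treated differently. <ignored> is the stronger sub-state of no-dsa, so either use <no-dsa> to match the other releases or state in the commit message why jessie is ignored rather than merely no-dsa.
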
@@ -29624,6 +29626,7 @@ CVE-2019-14864 (Ansible, versions 2.9.x before 2.9.1, 
2.8.x before 2.8.7 and Ans
        - ansible 2.9.2+dfsg-1 (low; bug #943768)
        [buster] - ansible <no-dsa> (Minor issue)
        [stretch] - ansible <no-dsa> (Minor issue)
+       [jessie] - ansible <ignored> (Minor issue)
        NOTE: https://github.com/ansible/ansible/issues/63522
        NOTE: https://github.com/ansible/ansible/pull/63527
 CVE-2019-14863 (There is a vulnerability in all angular versions before 
1.5.0-beta.0,  ...)
@@ -29658,6 +29661,7 @@ CVE-2019-14858 (A vulnerability was found in Ansible 
engine 2.x up to 2.8 and An
        - ansible 2.8.6+dfsg-1 (bug #942332)
        [buster] - ansible <no-dsa> (Minor issue)
        [stretch] - ansible <no-dsa> (Minor issue)
+       [jessie] - ansible <ignored> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1760593
        NOTE: https://github.com/ansible/ansible/pull/63405
 CVE-2019-14857 (A flaw was found in mod_auth_openidc before version 2.4.0.1. 
An open r ...)
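
Review bot: For CVE-2019-14858 the [jessie] line copies the reason (Minor issue) from buster and stretch, but the dla-needed.txt entry removed in this same commit records a different one: the upstream patch is too big and fails to work properly. Suggest putting that reason in the parentheses on the [jessie] line so the tracker shows why this was not fixed in jessie.
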
@@ -29740,6 +29744,7 @@ CVE-2019-14846 (Ansible, all ansible_engine-2.x 
versions and ansible_engine-3.x
        - ansible 2.8.6+dfsg-1 (low; bug #942188)
        [buster] - ansible <no-dsa> (Minor issue)
        [stretch] - ansible <no-dsa> (Minor issue)
+       [jessie] - ansible <ignored> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1755373
        NOTE: https://github.com/ansible/ansible/pull/63366
 CVE-2019-14845 (A vulnerability was found in OpenShift builds, versions 4.1 up 
to 4.3. ...)
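
Review bot: CVE-2019-14846 is marked <ignored> for jessie here, yet the dla-needed.txt note deleted by this commit says it "should be an easy fix". If the fix is being deferred rather than ruled out, <postponed> would describe that better; if it really is ignored, the commit message should say what changed since that note was written.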


=====================================
data/dla-needed.txt
=====================================
@@ -9,11 +9,6 @@ To pick an issue, simply add your name behind it. To learn 
more about how
 this list is updated have a look at
 https://wiki.debian.org/LTS/Development#Triage_new_security_issues
 
---
-ansible
-  NOTE: 20191011: Code appears to be in lib/ansible/callbacks.py in jessie's 
version. (lamby)
-  NOTE: CVE-2019-14846 should be an easy fix.
-  NOTE: CVE-2019-14858's upstream patch is too big; fails to work properly. 
(utkarsh2102)
 --
 clamav (Hugo Lefeuvre)
   NOTE: 20200111: waiting for 0.102.1 to enter stretch/buster.
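
Review bot: Removing the ansible entry also drops the 20191011 note that the affected code is in lib/ansible/callbacks.py in jessie's version, and that note does not name the CVE it belongs to. Suggest moving it into data/CVE/list as a NOTE: line under the CVE it refers to before deleting it here, so the jessie-specific analysis is not lost.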



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/ef189a3b1271890ac74e8442bbf51ded0884bd75
