Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker
Commits: ef189a3b by Ola Lundqvist at 2020-01-19T22:40:20+01:00 Noted that all open CVEs on ansible are marked as no-dsa for Buster and Stretch. No reason to treat Jessie differently. - - - - - 2 changed files: - data/CVE/list - data/dla-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -29469,12 +29469,14 @@ CVE-2019-14905 [malicious code could craft filename in nxos_file_copy module] - ansible <unfixed> (low) [buster] - ansible <no-dsa> (Minor issue) [stretch] - ansible <no-dsa> (Minor issue) + [jessie] - ansible <ignored> (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1776943 CVE-2019-14904 [vulnerability in solaris_zone module via crafted solaris zone] RESERVED - ansible <unfixed> (low) [buster] - ansible <no-dsa> (Minor issue) [stretch] - ansible <no-dsa> (Minor issue) + [jessie] - ansible <ignored> (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1776944 CVE-2019-14903 RESERVED @@ -29624,6 +29626,7 @@ CVE-2019-14864 (Ansible, versions 2.9.x before 2.9.1, 2.8.x before 2.8.7 and Ans - ansible 2.9.2+dfsg-1 (low; bug #943768) [buster] - ansible <no-dsa> (Minor issue) [stretch] - ansible <no-dsa> (Minor issue) + [jessie] - ansible <ignored> (Minor issue) NOTE: https://github.com/ansible/ansible/issues/63522 NOTE: https://github.com/ansible/ansible/pull/63527 CVE-2019-14863 (There is a vulnerability in all angular versions before 1.5.0-beta.0, ...) @@ -29658,6 +29661,7 @@ CVE-2019-14858 (A vulnerability was found in Ansible engine 2.x up to 2.8 and An - ansible 2.8.6+dfsg-1 (bug #942332) [buster] - ansible <no-dsa> (Minor issue) [stretch] - ansible <no-dsa> (Minor issue) + [jessie] - ansible <ignored> (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1760593 NOTE: https://github.com/ansible/ansible/pull/63405 CVE-2019-14857 (A flaw was found in mod_auth_openidc before version 2.4.0.1. An open r ...) 
@@ -29740,6 +29744,7 @@ CVE-2019-14846 (Ansible, all ansible_engine-2.x versions and ansible_engine-3.x - ansible 2.8.6+dfsg-1 (low; bug #942188) [buster] - ansible <no-dsa> (Minor issue) [stretch] - ansible <no-dsa> (Minor issue) + [jessie] - ansible <ignored> (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1755373 NOTE: https://github.com/ansible/ansible/pull/63366 CVE-2019-14845 (A vulnerability was found in OpenShift builds, versions 4.1 up to 4.3. ...) ===================================== data/dla-needed.txt ===================================== @@ -9,11 +9,6 @@ To pick an issue, simply add your name behind it. To learn more about how this list is updated have a look at https://wiki.debian.org/LTS/Development#Triage_new_security_issues --- -ansible - NOTE: 20191011: Code appears to be in lib/ansible/callbacks.py in jessie's version. (lamby) - NOTE: CVE-2019-14846 should be an easy fix. - NOTE: CVE-2019-14858's upstream patch is too big; fails to work properly. (utkarsh2102) -- clamav (Hugo Lefeuvre) NOTE: 20200111: waiting for 0.102.1 to enter stretch/buster. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/ef189a3b1271890ac74e8442bbf51ded0884bd75
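Review bot: In the data/CVE/list hunks, every added "[jessie] - ansible" line uses <ignored>, while the neighbouring [buster] and [stretch] lines use <no-dsa>, yet the commit message justifies the change by saying there is no reason to treat Jessie differently. Either use the same state as the other two releases, or say in the commit message why <ignored> was chosen for jessie, so that the recorded state and the stated rationale agree.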
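Review bot: In the data/dla-needed.txt hunk, removing the ansible entry also discards its triage notes: that the affected code appears to be in lib/ansible/callbacks.py in jessie's version, and that CVE-2019-14858's upstream patch is too big and fails to work properly. The replacement "[jessie] - ansible <ignored> (Minor issue)" lines carry none of that, so consider moving those findings into NOTE: lines under the corresponding CVE entries in data/CVE/list. The removed note "CVE-2019-14846 should be an easy fix." also sits oddly next to ignoring that CVE with only "Minor issue" as the reason; a more specific reason there would help whoever revisits the decision.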