Source: ansible Version: 2.1.1.0-1 Severity: important Tags: security upstream
Hi, the following vulnerability was published for ansible. CVE-2016-8628[0]: Command injection by compromised server via fact variables Details are though bit scarce yet, no upstream reference handy for the fixing commit. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2016-8628 [1] https://bugzilla.redhat.com/show_bug.cgi?id=1388113 Please adjust the affected versions in the BTS as needed. Regards, Salvatore _______________________________________________ Secure-testing-team mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-team
