[Secure-testing-commits] r50601 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Wed Apr 12 19:17:52 UTC 2017


Author: carnil
Date: 2017-04-12 19:17:52 +0000 (Wed, 12 Apr 2017)
New Revision: 50601

Modified:
   data/CVE/list
Log:
Update information for CVE-2017-7466 and CVE-2016-9587; thanks to hlieberman

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-04-12 19:02:16 UTC (rev 50600)
+++ data/CVE/list	2017-04-12 19:17:52 UTC (rev 50601)
@@ -599,6 +599,7 @@
 CVE-2017-7466 [Incomplete fix for CVE-2016-9587]
 	RESERVED
 	- ansible 2.2.1.0-2
+	[jessie] - ansible <not-affected> (Vulnerable code not present)
 	NOTE: https://github.com/ansible/ansible/commit/0d418789a298561fded9bce977d34babc9097079 (v2.3.0.0-0.1.rc1)
 CVE-2017-7465
 	RESERVED
@@ -19761,6 +19762,7 @@
 CVE-2016-9587 [Compromised remote hosts can lead to running commands on the Ansible controller]
 	RESERVED
 	- ansible 2.2.0.0-3 (bug #850846)
+	[jessie] - ansible <not-affected> (Vulnerable code not present, way ssh commands was reworked in 2.x branch)
 	NOTE: Fixed by: https://github.com/ansible/ansible/commit/ec84ff6de6eca9224bf3f22b752bb8da806611ed (v2.2.1.0-0.3.rc3)
 	NOTE: Fixed by: https://github.com/ansible/ansible/commit/eb8c26c105e8457b86324b64a13fac37d8862d47 (v2.2.1.0-0.4.rc4)
 	NOTE: Fixed by: https://github.com/ansible/ansible/commit/cc4634a5e73c06c6b4581f11171289ca9228391e (v2.2.1.0-0.4.rc4)




More information about the Secure-testing-commits mailing list