[Secure-testing-commits] r50601 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Wed Apr 12 19:17:52 UTC 2017
Author: carnil
Date: 2017-04-12 19:17:52 +0000 (Wed, 12 Apr 2017)
New Revision: 50601
Modified:
data/CVE/list
Log:
Update information for CVE-2017-7466 and CVE-2016-9587; thanks to hlieberman
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-04-12 19:02:16 UTC (rev 50600)
+++ data/CVE/list 2017-04-12 19:17:52 UTC (rev 50601)
@@ -599,6 +599,7 @@
CVE-2017-7466 [Incomplete fix for CVE-2016-9587]
RESERVED
- ansible 2.2.1.0-2
+ [jessie] - ansible <not-affected> (Vulnerable code not present)
NOTE: https://github.com/ansible/ansible/commit/0d418789a298561fded9bce977d34babc9097079 (v2.3.0.0-0.1.rc1)
CVE-2017-7465
RESERVED
@@ -19761,6 +19762,7 @@
CVE-2016-9587 [Compromised remote hosts can lead to running commands on the Ansible controller]
RESERVED
- ansible 2.2.0.0-3 (bug #850846)
+ [jessie] - ansible <not-affected> (Vulnerable code not present, way ssh commands was reworked in 2.x branch)
NOTE: Fixed by: https://github.com/ansible/ansible/commit/ec84ff6de6eca9224bf3f22b752bb8da806611ed (v2.2.1.0-0.3.rc3)
NOTE: Fixed by: https://github.com/ansible/ansible/commit/eb8c26c105e8457b86324b64a13fac37d8862d47 (v2.2.1.0-0.4.rc4)
NOTE: Fixed by: https://github.com/ansible/ansible/commit/cc4634a5e73c06c6b4581f11171289ca9228391e (v2.2.1.0-0.4.rc4)
More information about the Secure-testing-commits
mailing list