[Git][security-tracker-team/security-tracker][master] 3 commits: Add CVE-2018-16859/ansible

Salvatore Bonaccorso carnil at debian.org
Sat Nov 17 08:17:15 GMT 2018 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2619b412 by Salvatore Bonaccorso at 2018-11-17T08:14:03Z
Add CVE-2018-16859/ansible

Issue marked as not affected instead of <unfixed> (unimportant) as the
issue only affects executing Ansible playbooks on Windows platforms with
PowerShell ScriptBlock logging and Module logging enabled and
explotiable by a local user with admistratior privilges on the
respective machine.

- - - - -
10c83fb5 by Salvatore Bonaccorso at 2018-11-17T08:15:47Z
Merge remote-tracking branch 'origin/master'

- - - - -
e3481e27 by Salvatore Bonaccorso at 2018-11-17T08:16:25Z
Mark CVE-2018-15769 as NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -6255,8 +6255,9 @@ CVE-2018-16861
 	RESERVED
 CVE-2018-16860
 	RESERVED
-CVE-2018-16859
+CVE-2018-16859 [become password logged in plaintext when used with PowerShell on Windows]
 	RESERVED
+	- ansible <not-affected> (Only issue when executing Ansible playbooks on Windows platforms)
 CVE-2018-16858
 	RESERVED
 CVE-2018-16857
@@ -9101,7 +9102,7 @@ CVE-2018-15771 (Dell EMC RecoverPoint versions prior to 5.1.2.1 and RecoverPoint
 CVE-2018-15770
 	RESERVED
 CVE-2018-15769 (RSA BSAFE Micro Edition Suite versions prior to 4.0.11 (in 4.0.x ...)
-	TODO: check
+	NOT-FOR-US: RSA BSAFE Micro Edition Suite
 CVE-2018-15768
 	RESERVED
 CVE-2018-15767



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/837a222f1af4ea31207a3c4d10647fb9374fbd07...e3481e27d9158df7ec06a9cbc7062e24de386242

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/837a222f1af4ea31207a3c4d10647fb9374fbd07...e3481e27d9158df7ec06a9cbc7062e24de386242
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181117/c3541fa3/attachment-0001.html>

More information about the debian-security-tracker-commits mailing list