[Git][security-tracker-team/security-tracker][master] CVE-2019-14856/ansible assigned

Salvatore Bonaccorso carnil at debian.org
Sat Oct 12 08:07:04 BST 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a5995a7b by Salvatore Bonaccorso at 2019-10-12T07:05:43Z
CVE-2019-14856/ansible assigned

The CVE is not affecting Debian as we never landed a fix for
CVE-2019-10206 itself (and CVE-2019-14856 is assigned for an incomplete
fix).

Annotate entry for CVE-2019-10206 to make sure the fix will be made
complete and not open CVE-2019-14856.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -7320,8 +7320,6 @@ CVE-2019-14857
 	NOTE: https://github.com/zmartzone/mod_auth_openidc/commit/ce37080c6aea30aabae8b4a9b4eea7808445cc8e
 	NOTE: https://github.com/zmartzone/mod_auth_openidc/pull/451
 	NOTE: https://groups.google.com/forum/#!topic/mod_auth_openidc/boy1Ba3Gdk4
-CVE-2019-14856
-	RESERVED
 CVE-2019-14855
 	RESERVED
 CVE-2019-14854
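Review bot: Removing CVE-2019-14856 from between CVE-2019-14857 and CVE-2019-14855 breaks the descending id order that the surrounding context lines follow, because the entry is re-added much further down, next to CVE-2019-10206. Consider filling the entry in at this position instead and leaving the cross-reference to the NOTE lines under CVE-2019-10206, so that anyone scanning the list by number still finds it where expected.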
@@ -21245,6 +21243,10 @@ CVE-2019-10207 [bluetooth: hci_uart: 0x0 address  execution as nonprivileged use
 	NOTE: https://www.openwall.com/lists/oss-security/2019/07/25/1
 	NOTE: https://lore.kernel.org/linux-bluetooth/20190725120909.31235-1-vdronov@redhat.com/T/#u
 	NOTE: https://git.kernel.org/linus/b36a1552d7319bbfd5cf7f08726c23c5c66d4f73
+CVE-2019-14856 [Incomplete fix for CVE-2019-10206]
+	- ansible <not-affected> (Incomplete fix for CVE-2019-10206 not applied)
+	NOTE: https://github.com/ansible/ansible/pull/63351
+	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1760829
 CVE-2019-10206 [disclosure data when prompted for password and template characters are passed]
 	RESERVED
 	- ansible <unfixed> (bug #933005)
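Review bot: The not-affected status on the added "- ansible" line for CVE-2019-14856 is only valid while CVE-2019-10206 remains unfixed in Debian, and the entry itself records that only in the short parenthetical. Suggest adding a NOTE to this entry that points back to CVE-2019-10206 (bug #933005) and says the status has to be revisited if the original fix is ever applied without https://github.com/ansible/ansible/pull/63351.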
@@ -21255,6 +21257,9 @@ CVE-2019-10206 [disclosure data when prompted for password and template characte
 	NOTE: 2.8.x https://github.com/ansible/ansible/pull/59552
 	NOTE: 2.7.x https://github.com/ansible/ansible/pull/59553
 	NOTE: 2.6.x https://github.com/ansible/ansible/pull/59554
+	NOTE: When fixing this issue is needed to make the fix complete with
+	NOTE: https://github.com/ansible/ansible/pull/63351 to not open
+	NOTE: CVE-2019-14856.
 CVE-2019-10205
 	RESERVED
 	NOT-FOR-US: Red Hat Quay
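Review bot: The three added NOTE lines under CVE-2019-10206 are hard to parse ("When fixing this issue is needed to make the fix complete with"), and they are the only reminder protecting the not-affected status of CVE-2019-14856. Suggest rewording along the lines of "When fixing this issue, also apply https://github.com/ansible/ansible/pull/63351, otherwise CVE-2019-14856 is opened". The existing references are labelled per branch (2.8.x, 2.7.x, 2.6.x), while the new note does not say which branches the follow-up applies to.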



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/a5995a7be1382af07274480df7fcbb47adbcedc9
