[Git][security-tracker-team/security-tracker][master] Update information on CVE-2019-10217/ansible

[Salvatore Bonaccorso]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2a1939d3 by Salvatore Bonaccorso at 2019-09-08T13:14:55Z
Update information on CVE-2019-10217/ansible

The GCP IAM role was only introduced in the 2.8 series and not
backported to older brnaches. The GCP IAM role addition introduces the
problematic load.

Mark stretch and buster as not affected.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -17156,9 +17156,13 @@ CVE-2019-10218
 CVE-2019-10217
 	RESERVED
 	- ansible <unfixed> (bug #934128)
+	[buster] - ansible <not-affected> (Vulnerable code introduced later)
+	[stretch] - ansible <not-affected> (Vulnerable code introduced later)
 	[jessie] - ansible <not-affected> (vulnerable code introduced later)
 	NOTE: https://github.com/ansible/ansible/issues/56269
 	NOTE: https://github.com/ansible/ansible/pull/59427
+	NOTE: Introduced by: https://github.com/ansible/ansible/commit/08918c6c2bcd73eb40b89af31736d3fcbe55e75a (v2.8.0a1)
+	NOTE: Fixed by: https://github.com/ansible/ansible/commit/c1ee1f142db1e669b710a65147ea32be47a91519
 CVE-2019-10216 [-dSAFER escape via .buildfont1]
 	RESERVED
 	{DSA-4499-1 DLA-1880-1}



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2a1939d3fd8d1799784b089303498742cbb29e55

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2a1939d3fd8d1799784b089303498742cbb29e55
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190908/7bac9ea3/attachment.html>