[Git][security-tracker-team/security-tracker][master] CVE-2019-3828,CVE-2020-1735/ansible: jessie not-affected

Sylvain Beucler beuc at debian.org
Sun Apr 26 15:55:24 BST 2020 


Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7075ec87 by Sylvain Beucler at 2020-04-26T16:54:13+02:00
CVE-2019-3828,CVE-2020-1735/ansible: jessie not-affected

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -27602,9 +27602,11 @@ CVE-2020-1736 (A flaw was found in Ansible Engine when a file is moved using ato
 	NOTE: https://github.com/ansible/ansible/issues/67794
 CVE-2020-1735 (A flaw was found in the Ansible Engine when the fetch module is used.  ...)
 	- ansible <unfixed>
+	[jessie] - ansible <not-affected> (No remote expansion in fetch module)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1802085
 	NOTE: https://github.com/ansible/ansible/issues/67793
 	NOTE: https://github.com/ansible/ansible/pull/68720
+	NOTE: Introduced in https://github.com/ansible/ansible/commit/e47f6137e5b897dec4319e7cb7791fb9b2cffb8d (1.8)
 CVE-2020-1734 (A flaw was found in the pipe lookup plugin of ansible. Arbitrary comma ...)
 	- ansible <unfixed> (unimportant)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1801804
@@ -75859,10 +75861,11 @@ CVE-2019-3829 (A vulnerability was found in gnutls versions from 3.5.8 before 3.
 CVE-2019-3828 (Ansible fetch module before versions 2.5.15, 2.6.14, 2.7.8 has a path  ...)
 	{DSA-4396-1}
 	- ansible 2.7.7+dfsg-1 (bug #922537)
-	[jessie] - ansible <not-affected> (Vulnerable code not present)
+	[jessie] - ansible <not-affected> (No remote expansion in fetch module)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1676689
 	NOTE: https://github.com/ansible/ansible/pull/52133
-	NOTE: https://github.com/ansible/ansible/pull/68720 (follow-up)
+	NOTE: https://github.com/ansible/ansible/pull/68720 (CVE-2020-1735 follow-up)
+	NOTE: Introduced in https://github.com/ansible/ansible/commit/bc4272d2a26e47418c7d588208482d05a34a34cd (1.8)
 CVE-2019-3827 (An incorrect permission check in the admin backend in gvfs before vers ...)
 	- gvfs 1.38.1-3 (bug #921816)
 	[stretch] - gvfs <no-dsa> (Minor issue)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7075ec87574bb92e2412340ab15f32f12e81e16f

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7075ec87574bb92e2412340ab15f32f12e81e16f
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200426/c52a1962/attachment.html>

More information about the debian-security-tracker-commits mailing list