[Git][security-tracker-team/security-tracker][master] Update status for CVE-2020-14330/ansible
Salvatore Bonaccorso
carnil at debian.org
Tue Aug 25 09:48:20 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0e82ea63 by Salvatore Bonaccorso at 2020-08-25T10:46:27+02:00
Update status for CVE-2020-14330/ansible
Maintainer confirms (and checked with upstream) that the first PR
attempts to fix the CVE, adds tests and changelog entry, the 2nd PR
referts the initial fix, adds another more elaborated fix. Thus both PRs
are needed for the CVE fix.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -21702,7 +21702,9 @@ CVE-2020-14330
RESERVED
- ansible <unfixed>
NOTE: https://github.com/ansible/ansible/issues/68400
- NOTE: https://github.com/ansible/ansible/pull/69653
+ NOTE: Initial fix: https://github.com/ansible/ansible/pull/69653
+ NOTE: Complete fix (reverting first and adding more elaborated fix):
+ NOTE: https://github.com/ansible/ansible/pull/70762
NOTE: https://github.com/ansible/ansible/commit/e0f25a2b1f9e6c21f751ba0ed2dc2eee2152983e
CVE-2020-14329
RESERVED
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0e82ea6341432a946bcded58abcec1bf3bc44853
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0e82ea6341432a946bcded58abcec1bf3bc44853
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200825/af488510/attachment.html>
More information about the debian-security-tracker-commits
mailing list