[Git][security-tracker-team/security-tracker][master] Noted that all open CVEs on ansible are marked as no-dsa for Buster and...

Ola Lundqvist opal at debian.org
Sun Jan 19 21:40:32 GMT 2020



Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ef189a3b by Ola Lundqvist at 2020-01-19T22:40:20+01:00
Noted that all open CVEs on ansible are marked as no-dsa for Buster and Stretch. No reason to treat Jessie differently.

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -29469,12 +29469,14 @@ CVE-2019-14905 [malicious code could craft filename in nxos_file_copy module]
 	- ansible <unfixed> (low)
 	[buster] - ansible <no-dsa> (Minor issue)
 	[stretch] - ansible <no-dsa> (Minor issue)
+	[jessie] - ansible <ignored> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1776943
 CVE-2019-14904 [vulnerability in solaris_zone module via crafted solaris zone]
 	RESERVED
 	- ansible <unfixed> (low)
 	[buster] - ansible <no-dsa> (Minor issue)
 	[stretch] - ansible <no-dsa> (Minor issue)
+	[jessie] - ansible <ignored> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1776944
 CVE-2019-14903
 	RESERVED
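Review bot: The `[jessie]` lines added under CVE-2019-14905 and CVE-2019-14904 use `<ignored>`, while the buster and stretch lines directly above them use `<no-dsa>`, and the commit message says there is no reason to treat Jessie differently. If the different tag is intended, the description should say why instead of repeating "Minor issue"; otherwise use `<no-dsa>` to match. The same applies to the `[jessie]` lines added in the later hunks of this file.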
@@ -29624,6 +29626,7 @@ CVE-2019-14864 (Ansible, versions 2.9.x before 2.9.1, 2.8.x before 2.8.7 and Ans
 	- ansible 2.9.2+dfsg-1 (low; bug #943768)
 	[buster] - ansible <no-dsa> (Minor issue)
 	[stretch] - ansible <no-dsa> (Minor issue)
+	[jessie] - ansible <ignored> (Minor issue)
 	NOTE: https://github.com/ansible/ansible/issues/63522
 	NOTE: https://github.com/ansible/ansible/pull/63527
 CVE-2019-14863 (There is a vulnerability in all angular versions before 1.5.0-beta.0,  ...)
@@ -29658,6 +29661,7 @@ CVE-2019-14858 (A vulnerability was found in Ansible engine 2.x up to 2.8 and An
 	- ansible 2.8.6+dfsg-1 (bug #942332)
 	[buster] - ansible <no-dsa> (Minor issue)
 	[stretch] - ansible <no-dsa> (Minor issue)
+	[jessie] - ansible <ignored> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1760593
 	NOTE: https://github.com/ansible/ansible/pull/63405
 CVE-2019-14857 (A flaw was found in mod_auth_openidc before version 2.4.0.1. An open r ...)
@@ -29740,6 +29744,7 @@ CVE-2019-14846 (Ansible, all ansible_engine-2.x versions and ansible_engine-3.x
 	- ansible 2.8.6+dfsg-1 (low; bug #942188)
 	[buster] - ansible <no-dsa> (Minor issue)
 	[stretch] - ansible <no-dsa> (Minor issue)
+	[jessie] - ansible <ignored> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1755373
 	NOTE: https://github.com/ansible/ansible/pull/63366
 CVE-2019-14845 (A vulnerability was found in OpenShift builds, versions 4.1 up to 4.3. ...)
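Review bot: The `[jessie]` line added for CVE-2019-14846 marks the issue `<ignored>`, yet the dla-needed.txt entry removed in this same commit says "CVE-2019-14846 should be an easy fix." Either keep this CVE open for jessie or state in the description why it is being dropped, since "Minor issue" does not explain skipping a fix that was triaged as easy.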


=====================================
data/dla-needed.txt
=====================================
@@ -9,11 +9,6 @@ To pick an issue, simply add your name behind it. To learn more about how
 this list is updated have a look at
 https://wiki.debian.org/LTS/Development#Triage_new_security_issues
 
---
-ansible
-  NOTE: 20191011: Code appears to be in lib/ansible/callbacks.py in jessie's version. (lamby)
-  NOTE: CVE-2019-14846 should be an easy fix.
-  NOTE: CVE-2019-14858's upstream patch is too big; fails to work properly. (utkarsh2102)
 --
 clamav (Hugo Lefeuvre)
   NOTE: 20200111: waiting for 0.102.1 to enter stretch/buster.
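Review bot: Removing the ansible entry also discards its three NOTE lines, including the pointer to lib/ansible/callbacks.py in jessie's version and the finding that the upstream patch for CVE-2019-14858 is too big and fails to work properly. Consider carrying the CVE-specific notes over as NOTE lines under the matching entries in data/CVE/list, so the triage findings stay with the CVEs after the package leaves this list.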



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/ef189a3b1271890ac74e8442bbf51ded0884bd75
