[Git][security-tracker-team/security-tracker][master] CVE-2019-14904,CVE-2019-14905/ansible: fix affected versions

[Sylvain Beucler]

Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
575fc6f9 by Sylvain Beucler at 2020-05-02T23:52:49+02:00
CVE-2019-14904,CVE-2019-14905/ansible: fix affected versions

Git seems to be confused when reporting branches/tags involving submodules.
Modules inclusion documented at https://github.com/ansible/ansible/blob/stable-2.2/CHANGELOG.md

External initial commits (no version information):
solaris_zone: https://github.com/ansible/ansible-modules-extras/commit/5a79b5ab0dfe59763ac131c1a77fd10b1dfe00ac
nxos_file_copy: https://github.com/ansible/ansible-modules-core/commit/3b266bf1e2fb766a1e830339d32028aac68e1a06

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -44757,19 +44757,19 @@ CVE-2019-14905 (A vulnerability was found in Ansible Engine versions 2.9.x befor
 	- ansible 2.9.4+dfsg-1 (low)
 	[buster] - ansible <no-dsa> (Minor issue)
 	[stretch] - ansible <no-dsa> (Minor issue)
-	[jessie] - ansible <not-affected> (Vulnerable code introduced later)
+	[jessie] - ansible <not-affected> (Vulnerable module first bundled in 2.2)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1776943
 	NOTE: https://github.com/ansible/ansible/pull/65423
-	NOTE: Introduced in https://github.com/ansible/ansible/commit/e392417232b89a74af221ec49fc57a5f74a70128 (2.3)
+	NOTE: https://github.com/ansible/ansible/blob/stable-2.2/CHANGELOG.md
 CVE-2019-14904 [vulnerability in solaris_zone module via crafted solaris zone]
 	RESERVED
 	- ansible 2.9.4+dfsg-1 (low)
 	[buster] - ansible <no-dsa> (Minor issue)
 	[stretch] - ansible <no-dsa> (Minor issue)
-	[jessie] - ansible <not-affected> (Vulnerable code introduced later)
+	[jessie] - ansible <not-affected> (Vulnerable module first bundled in 2.0)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1776944
 	NOTE: https://github.com/ansible/ansible/pull/65686
-	NOTE: Introduced in https://github.com/ansible/ansible/commit/03730a3d55a50ae2d7f300d4a51082db9fc3575b (2.3)
+	NOTE: https://github.com/ansible/ansible/blob/stable-2.0/CHANGELOG.md
 CVE-2019-14903
 	RESERVED
 CVE-2019-14902 (There is an issue in all samba 4.11.x versions before 4.11.5, all samb ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/575fc6f977385e24ffecb45d19262c29463a03c0

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/575fc6f977385e24ffecb45d19262c29463a03c0
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200502/e00560a7/attachment-0001.html>