[Git][security-tracker-team/security-tracker][master] Update notes for ansible
Brian May
bam at debian.org
Thu May 7 22:31:56 BST 2020
Brian May pushed to branch master at Debian Security Tracker / security-tracker
Commits:
30d7d0ff by Brian May at 2020-05-08T07:31:43+10:00
Update notes for ansible
- - - - -
1 changed file:
- data/dla-needed.txt
Changes:
=====================================
data/dla-needed.txt
=====================================
@@ -11,12 +11,15 @@ https://wiki.debian.org/LTS/Development#Triage_new_security_issues
--
ansible
- NOTE: 20200506: DLA-2202-1 from (20200505) covers CVE-2019-14846,
- NOTE: 20200506: CVE-2020-1733, CVE-2020-1739 and CVE-2020-1740 but not
- NOTE: 20200506: CVE-2020-1736. The version in jessie does not use the
- NOTE: 20200506: `_DEFAULT_PERM` global variable but hardcodes 0777 and 0666
+ NOTE: 20200506: CVE-2020-1736: The version in jessie does not use the
+ NOTE: 20200506: `_DEFAULT_PERM` global variable but hardcodes 0666
NOTE: 20200506: in the atomic_move code in basic.py, so is likely vulnerable.
NOTE: 20200506: (lamby)
+ NOTE: 20200508: bam: Problem exists with new files only. Existing files
+ NOTE: 20200508: bam: code resets permissions to same value, should be fine.
+ NOTE: 20200508: bam: Upstream fix was to use 660 - https://github.com/ansible/ansible/pull/68970
+ NOTE: 20200508: bam: Upstream fix was reverted - https://github.com/ansible/ansible/pull/68983
+ NOTE: 20200508: bam: See https://github.com/ansible/ansible/issues/67794
--
apache-log4j2 (Abhijith PA)
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/30d7d0ff2ca51867e1917a180573e6597f940118
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/30d7d0ff2ca51867e1917a180573e6597f940118
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200507/acb750ec/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list