[Git][security-tracker-team/security-tracker][master] ansible fixed in sid

Moritz Muehlenhoff jmm at debian.org
Sat May 9 20:53:56 BST 2020



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2a41cf0e by Moritz Muehlenhoff at 2020-05-09T21:53:26+02:00
ansible fixed in sid
one PHP non-issue

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -6317,7 +6317,7 @@ CVE-2020-10693 (A flaw was found in Hibernate Validator version 6.1.2.Final. A b
 CVE-2020-10692
 	RESERVED
 CVE-2020-10691 (An archive traversal flaw was found in all ansible-engine versions 2.9 ...)
-	- ansible <unfixed>
+	- ansible 2.9.7+dfsg-1
 	[buster] - ansible <not-affected> (Vulnerable code introduced later)
 	[stretch] - ansible <not-affected> (Vulnerable code introduced later)
 	[jessie] - ansible <not-affected> (Vulnerable code introduced later)
@@ -14674,12 +14674,14 @@ CVE-2020-7068
 	RESERVED
 CVE-2020-7067 (In PHP versions 7.2.x below 7.2.30, 7.3.x below 7.3.17 and 7.4.x below ...)
 	{DLA-2188-1}
-	- php7.4 7.4.5-1
-	- php7.3 <removed>
-	- php7.0 <removed>
-	- php5 <removed>
+	- php7.4 7.4.5-1 (unimportant)
+	- php7.3 <removed> (unimportant)
+	- php7.0 <removed> (unimportant)
+	- php5 <removed> (unimportant)
 	NOTE: Fixed in PHP 7.4.5, 7.3.17
 	NOTE: PHP Bug: https://bugs.php.net/79465
+	NOTE: http://git.php.net/?p=php-src.git;a=commit;h=9d6bf8221b05f86ce5875832f0f646c4c1f218be
+	NOTE: This only affects builds which enable EDBDIC
 CVE-2020-7066 (In PHP versions 7.2.x below 7.2.29, 7.3.x below 7.3.16 and 7.4.x below ...)
 	{DLA-2188-1}
 	- php7.4 7.4.5-1
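Review bot: "EDBDIC" in the added line `NOTE: This only affects builds which enable EDBDIC` looks like a transposition of EBCDIC; please correct it so the reason for the (unimportant) tag can be found by search. The entry also keeps its {DLA-2188-1} tag while every package line becomes unimportant, so a short NOTE saying that the DLA was issued before this triage would spare readers the apparent contradiction.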
@@ -14688,6 +14690,7 @@ CVE-2020-7066 (In PHP versions 7.2.x below 7.2.29, 7.3.x below 7.3.16 and 7.4.x
 	- php5 <removed>
 	NOTE: Fixed in PHP 7.4.4, 7.3.16, 7.2.29
 	NOTE: PHP Bug: https://bugs.php.net/79329
+	NOTE: http://git.php.net/?p=php-src.git;a=commit;h=0d139c5b94a5f485a66901919e51faddb0371c43
 CVE-2020-7065 (In PHP versions 7.3.x below 7.3.16 and 7.4.x below 7.4.34, while using ...)
 	- php7.4 7.4.5-1
 	- php7.3 <removed>
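Review bot: the added git.php.net reference uses plain http:// while the bugs.php.net NOTE directly above it uses https://. Prefer the https:// form if the host serves it, here and in the matching NOTE lines added for CVE-2020-7067, CVE-2020-7065 and CVE-2020-7064.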
@@ -14695,6 +14698,7 @@ CVE-2020-7065 (In PHP versions 7.3.x below 7.3.16 and 7.4.x below 7.4.34, while
 	- php5 <not-affected> (Vulnerable code introduced later)
 	NOTE: Fixed in PHP 7.4.4, 7.3.16
 	NOTE: PHP Bug: https://bugs.php.net/79371
+	NOTE: http://git.php.net/?p=php-src.git;a=commit;h=1fdffd1c55d771ca22ae217784ab75fce592ad38
 CVE-2020-7064 (In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below  ...)
 	{DLA-2188-1}
 	- php7.4 7.4.5-1
@@ -14703,6 +14707,7 @@ CVE-2020-7064 (In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x b
 	- php5 <removed>
 	NOTE: Fixed in PHP 7.4.4, 7.3.16, 7.2.29
 	NOTE: PHP Bug: https://bugs.php.net/79282
+	NOTE: http://git.php.net/?p=php-src.git;a=commit;h=25238bdf6005b85ab844aa2b743b589dfce9f0d2
 CVE-2020-7063 (In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below ...)
 	{DLA-2160-1}
 	- php7.4 7.4.3-1
@@ -29156,13 +29161,13 @@ CVE-2020-1741 (A flaw was found in openshift-ansible. OpenShift Container Platfo
 	NOT-FOR-US: openshift-ansible
 CVE-2020-1740 (A flaw was found in Ansible Engine when using Ansible Vault for editin ...)
 	{DLA-2202-1}
-	- ansible <unfixed>
+	- ansible 2.9.7+dfsg-1
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1802193
 	NOTE: https://github.com/ansible/ansible/issues/67798
 	NOTE: https://github.com/ansible/ansible/pull/68644
 CVE-2020-1739 (A flaw was found in Ansible 2.7.16 and prior, 2.8.8 and prior, and 2.9 ...)
 	{DLA-2202-1}
-	- ansible <unfixed>
+	- ansible 2.9.7+dfsg-1
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1802178
 	NOTE: https://github.com/ansible/ansible/issues/67797
 	NOTE: https://github.com/ansible/ansible/pull/67829
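Review bot: the ansible lines for CVE-2020-1740 and CVE-2020-1739 now name 2.9.7+dfsg-1, but both entries record only issue and pull-request links, with no NOTE stating which upstream release contains the fix. The PHP entries in this file carry a line such as `NOTE: Fixed in PHP 7.4.5, 7.3.17`; an equivalent NOTE here would let a reader check the fixed version against upstream.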
@@ -29174,7 +29179,7 @@ CVE-2020-1738 (A flaw was found in Ansible Engine when the module package or ser
 	NOTE: Marked unimportant as for exploitation it requires already a remote that is
 	NOTE: compromised, cf. https://github.com/ansible/ansible/issues/67796#issuecomment-614656017
 CVE-2020-1737 (A flaw was found in Ansible 2.7.17 and prior, 2.8.9 and prior, and 2.9 ...)
-	- ansible <unfixed> (unimportant)
+	- ansible 2.9.7+dfsg-1 (unimportant)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1802154
 	NOTE: https://github.com/ansible/ansible/issues/67795
 	NOTE: https://github.com/ansible/ansible/pull/67799
@@ -29199,7 +29204,7 @@ CVE-2020-1734 (A flaw was found in the pipe lookup plugin of ansible. Arbitrary
 	NOTE: playbook author to ensure they use the quote filter.
 CVE-2020-1733 (A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2. ...)
 	{DLA-2202-1}
-	- ansible <unfixed>
+	- ansible 2.9.7+dfsg-1
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1801735
 	NOTE: https://github.com/ansible/ansible/issues/67791
 	NOTE: https://github.com/ansible/ansible/pull/68921



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2a41cf0e4c34b5627de9e7d4b3c85291e57c210c
