[Git][security-tracker-team/security-tracker][master] ansible fixed in sid
Moritz Muehlenhoff
jmm at debian.org
Sat May 9 20:53:56 BST 2020
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2a41cf0e by Moritz Muehlenhoff at 2020-05-09T21:53:26+02:00
ansible fixed in sid
one PHP non-issue
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -6317,7 +6317,7 @@ CVE-2020-10693 (A flaw was found in Hibernate Validator version 6.1.2.Final. A b
CVE-2020-10692
RESERVED
CVE-2020-10691 (An archive traversal flaw was found in all ansible-engine versions 2.9 ...)
- - ansible <unfixed>
+ - ansible 2.9.7+dfsg-1
[buster] - ansible <not-affected> (Vulnerable code introduced later)
[stretch] - ansible <not-affected> (Vulnerable code introduced later)
[jessie] - ansible <not-affected> (Vulnerable code introduced later)
@@ -14674,12 +14674,14 @@ CVE-2020-7068
RESERVED
CVE-2020-7067 (In PHP versions 7.2.x below 7.2.30, 7.3.x below 7.3.17 and 7.4.x below ...)
{DLA-2188-1}
- - php7.4 7.4.5-1
- - php7.3 <removed>
- - php7.0 <removed>
- - php5 <removed>
+ - php7.4 7.4.5-1 (unimportant)
+ - php7.3 <removed> (unimportant)
+ - php7.0 <removed> (unimportant)
+ - php5 <removed> (unimportant)
NOTE: Fixed in PHP 7.4.5, 7.3.17
NOTE: PHP Bug: https://bugs.php.net/79465
+ NOTE: http://git.php.net/?p=php-src.git;a=commit;h=9d6bf8221b05f86ce5875832f0f646c4c1f218be
+ NOTE: This only affects builds which enable EDBDIC
CVE-2020-7066 (In PHP versions 7.2.x below 7.2.29, 7.3.x below 7.3.16 and 7.4.x below ...)
{DLA-2188-1}
- php7.4 7.4.5-1
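Review bot: The NOTE added for CVE-2020-7067 spells the character set as "EDBDIC"; it should read "EBCDIC". As written, searching the list for EBCDIC will not find the justification for the (unimportant) tags added on the four php lines above it. Suggested line: NOTE: This only affects builds which enable EBCDIC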
@@ -14688,6 +14690,7 @@ CVE-2020-7066 (In PHP versions 7.2.x below 7.2.29, 7.3.x below 7.3.16 and 7.4.x
- php5 <removed>
NOTE: Fixed in PHP 7.4.4, 7.3.16, 7.2.29
NOTE: PHP Bug: https://bugs.php.net/79329
+ NOTE: http://git.php.net/?p=php-src.git;a=commit;h=0d139c5b94a5f485a66901919e51faddb0371c43
CVE-2020-7065 (In PHP versions 7.3.x below 7.3.16 and 7.4.x below 7.4.34, while using ...)
- php7.4 7.4.5-1
- php7.3 <removed>
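Review bot: The commit reference added under CVE-2020-7066 uses an http:// URL, while the PHP Bug NOTE directly above it uses https://. Consider the https:// form for the git.php.net link if the host serves it, so that every reference in the entry uses the same scheme and is fetched over TLS. The same applies to the git.php.net NOTE lines added for CVE-2020-7067, CVE-2020-7065 and CVE-2020-7064.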
@@ -14695,6 +14698,7 @@ CVE-2020-7065 (In PHP versions 7.3.x below 7.3.16 and 7.4.x below 7.4.34, while
- php5 <not-affected> (Vulnerable code introduced later)
NOTE: Fixed in PHP 7.4.4, 7.3.16
NOTE: PHP Bug: https://bugs.php.net/79371
+ NOTE: http://git.php.net/?p=php-src.git;a=commit;h=1fdffd1c55d771ca22ae217784ab75fce592ad38
CVE-2020-7064 (In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below ...)
{DLA-2188-1}
- php7.4 7.4.5-1
@@ -14703,6 +14707,7 @@ CVE-2020-7064 (In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x b
- php5 <removed>
NOTE: Fixed in PHP 7.4.4, 7.3.16, 7.2.29
NOTE: PHP Bug: https://bugs.php.net/79282
+ NOTE: http://git.php.net/?p=php-src.git;a=commit;h=25238bdf6005b85ab844aa2b743b589dfce9f0d2
CVE-2020-7063 (In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below ...)
{DLA-2160-1}
- php7.4 7.4.3-1
@@ -29156,13 +29161,13 @@ CVE-2020-1741 (A flaw was found in openshift-ansible. OpenShift Container Platfo
NOT-FOR-US: openshift-ansible
CVE-2020-1740 (A flaw was found in Ansible Engine when using Ansible Vault for editin ...)
{DLA-2202-1}
- - ansible <unfixed>
+ - ansible 2.9.7+dfsg-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1802193
NOTE: https://github.com/ansible/ansible/issues/67798
NOTE: https://github.com/ansible/ansible/pull/68644
CVE-2020-1739 (A flaw was found in Ansible 2.7.16 and prior, 2.8.8 and prior, and 2.9 ...)
{DLA-2202-1}
- - ansible <unfixed>
+ - ansible 2.9.7+dfsg-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1802178
NOTE: https://github.com/ansible/ansible/issues/67797
NOTE: https://github.com/ansible/ansible/pull/67829
@@ -29174,7 +29179,7 @@ CVE-2020-1738 (A flaw was found in Ansible Engine when the module package or ser
NOTE: Marked unimportant as for exploitation it requires already a remote that is
NOTE: compromised, cf. https://github.com/ansible/ansible/issues/67796#issuecomment-614656017
CVE-2020-1737 (A flaw was found in Ansible 2.7.17 and prior, 2.8.9 and prior, and 2.9 ...)
- - ansible <unfixed> (unimportant)
+ - ansible 2.9.7+dfsg-1 (unimportant)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1802154
NOTE: https://github.com/ansible/ansible/issues/67795
NOTE: https://github.com/ansible/ansible/pull/67799
@@ -29199,7 +29204,7 @@ CVE-2020-1734 (A flaw was found in the pipe lookup plugin of ansible. Arbitrary
NOTE: playbook author to ensure they use the quote filter.
CVE-2020-1733 (A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2. ...)
{DLA-2202-1}
- - ansible <unfixed>
+ - ansible 2.9.7+dfsg-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1801735
NOTE: https://github.com/ansible/ansible/issues/67791
NOTE: https://github.com/ansible/ansible/pull/68921
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2a41cf0e4c34b5627de9e7d4b3c85291e57c210c