[Git][security-tracker-team/security-tracker][master] remove some no-dsa entries for issues lined up with next update
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri Aug 6 12:55:46 BST 2021
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a1d7570f by Moritz Muehlenhoff at 2021-08-06T13:55:10+02:00
remove some no-dsa entries for issues lined up with next update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -86029,7 +86029,6 @@ CVE-2020-14366 (A vulnerability was found in keycloak, where path traversal usin
NOT-FOR-US: Keycloak
CVE-2020-14365 (A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before ...)
- ansible 2.9.13+dfsg-1
- [buster] - ansible <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1869154
NOTE: https://github.com/ansible/ansible/commit/1d043e082b3b1f3ad35c803137f5d3bcbae92275 (v2.9.13)
CVE-2020-14364 (An out-of-bounds read/write access flaw was found in the USB emulator ...)
@@ -86184,7 +86183,6 @@ CVE-2020-14333 (A flaw was found in Ovirt Engine's web interface in ovirt 4.4 an
NOT-FOR-US: ovirt-engine
CVE-2020-14332 (A flaw was found in the Ansible Engine when using module_args. Tasks e ...)
- ansible 2.9.13+dfsg-1 (bug #966672)
- [buster] - ansible <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1857805
NOTE: https://github.com/ansible/ansible/pull/71033
NOTE: https://github.com/ansible/ansible/commit/6cae9a4b168df776bf82deb04b2c62e00c38b49a (v2.9.12)
@@ -86196,7 +86194,6 @@ CVE-2020-14331 (A flaw was found in the Linux kernel’s implementation of t
NOTE: Only exploitable when CONFIG_VGACON_SOFT_SCROLLBACK is set
CVE-2020-14330 (An Improper Output Neutralization for Logs flaw was found in Ansible w ...)
- ansible 2.9.13+dfsg-1
- [buster] - ansible <no-dsa> (Minor issue)
NOTE: https://github.com/ansible/ansible/issues/68400
NOTE: Initial fix: https://github.com/ansible/ansible/pull/69653
NOTE: Complete fix (reverting first and adding more elaborated fix):
@@ -97324,7 +97321,6 @@ CVE-2020-10730 (A NULL pointer dereference, or possible use-after-free flaw was
NOTE: https://git.samba.org/?p=samba.git;a=commitdiff;h=9dd458956d7af1b4bbe505ba2ab72235e81c27d0 (for ldb)
CVE-2020-10729 (A flaw was found in the use of insufficiently random values in Ansible ...)
- ansible 2.9.6+dfsg-1
- [buster] - ansible <no-dsa> (Minor issue)
[jessie] - ansible <not-affected> (Vulnerable code introduced later, no variables template caching)
NOTE: https://github.com/ansible/ansible/issues/34144
NOTE: https://github.com/ansible/ansible/pull/67429/
@@ -97506,7 +97502,6 @@ CVE-2020-10686 (A flaw was found in Keycloak version 8.0.2 and 9.0.0, and was fi
NOT-FOR-US: Keycloak
CVE-2020-10685 (A flaw was found in Ansible Engine affecting Ansible Engine versions 2 ...)
- ansible 2.9.7+dfsg-1
- [buster] - ansible <no-dsa> (Minor issue)
[jessie] - ansible <not-affected> (Vulnerable code introduced later, all decryption in-memory, no transparent file decryption)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1814627
NOTE: https://github.com/ansible/ansible/pull/68433
@@ -97514,7 +97509,6 @@ CVE-2020-10685 (A flaw was found in Ansible Engine affecting Ansible Engine vers
NOTE: Introduced in https://github.com/ansible/ansible/commit/cdf6e3e4bf44fdab62c2e4ccd3f5fd67ea554548 (2.1)
CVE-2020-10684 (A flaw was found in Ansible Engine, all versions 2.7.x, 2.8.x and 2.9. ...)
- ansible 2.9.7+dfsg-1
- [buster] - ansible <no-dsa> (Minor issue)
[stretch] - ansible <not-affected> (Vulnerable code introduced later, 'ansible_facts' variable not exposed)
[jessie] - ansible <not-affected> (Vulnerable code introduced later, 'ansible_facts' variable not exposed)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1815519
@@ -121456,7 +121450,6 @@ CVE-2020-1754
RESERVED
CVE-2020-1753 (A security flaw was found in Ansible Engine, all Ansible 2.7.x version ...)
- ansible 2.9.16+dfsg-1
- [buster] - ansible <no-dsa> (Minor issue)
[stretch] - ansible <not-affected> (Vulnerable code introduced later)
[jessie] - ansible <not-affected> (Vulnerable code introduced later)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1811008
@@ -121499,7 +121492,6 @@ CVE-2020-1747 (A vulnerability was discovered in the PyYAML library in versions
NOTE: https://github.com/yaml/pyyaml/pull/386
CVE-2020-1746 (A flaw was found in the Ansible Engine affecting Ansible Engine versio ...)
- ansible 2.9.7+dfsg-1
- [buster] - ansible <no-dsa> (Minor issue)
[stretch] - ansible <not-affected> (Vulnerable code introduced later)
[jessie] - ansible <not-affected> (Vulnerable code introduced later)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1805491
@@ -121522,14 +121514,12 @@ CVE-2020-1741 (A flaw was found in openshift-ansible. OpenShift Container Platfo
CVE-2020-1740 (A flaw was found in Ansible Engine when using Ansible Vault for editin ...)
{DLA-2202-1}
- ansible 2.9.7+dfsg-1
- [buster] - ansible <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1802193
NOTE: https://github.com/ansible/ansible/issues/67798
NOTE: https://github.com/ansible/ansible/pull/68644
CVE-2020-1739 (A flaw was found in Ansible 2.7.16 and prior, 2.8.8 and prior, and 2.9 ...)
{DLA-2202-1}
- ansible 2.9.7+dfsg-1
- [buster] - ansible <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1802178
NOTE: https://github.com/ansible/ansible/issues/67797
NOTE: https://github.com/ansible/ansible/pull/67829
@@ -121556,7 +121546,6 @@ CVE-2020-1736 (A flaw was found in Ansible Engine when a file is moved using ato
NOTE: that accept it, cf. https://github.com/ansible/ansible/commit/7eec8e4d268d6711f317583974e9e936083de636
CVE-2020-1735 (A flaw was found in the Ansible Engine when the fetch module is used. ...)
- ansible 2.9.7+dfsg-1
- [buster] - ansible <no-dsa> (Minor issue)
[jessie] - ansible <not-affected> (No remote expansion in fetch module)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1802085
NOTE: https://github.com/ansible/ansible/issues/67793
@@ -121575,7 +121564,6 @@ CVE-2020-1734 (A flaw was found in the pipe lookup plugin of ansible. Arbitrary
CVE-2020-1733 (A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2. ...)
{DLA-2202-1}
- ansible 2.9.7+dfsg-1
- [buster] - ansible <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1801735
NOTE: https://github.com/ansible/ansible/issues/67791
NOTE: https://github.com/ansible/ansible/pull/68921
@@ -137843,7 +137831,6 @@ CVE-2019-14905 (A vulnerability was found in Ansible Engine versions 2.9.x befor
CVE-2019-14904 (A flaw was found in the solaris_zone module from the Ansible Community ...)
{DLA-2535-1}
- ansible 2.9.4+dfsg-1 (low)
- [buster] - ansible <no-dsa> (Minor issue)
[jessie] - ansible <not-affected> (Vulnerable module first bundled in 2.0)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1776944
NOTE: https://github.com/ansible/ansible/pull/65686
@@ -138057,7 +138044,6 @@ CVE-2019-14865 (A flaw was found in the grub2-set-bootflag utility of grub2. A l
NOTE: Red Hat-specific patch, get added as 0131-Add-grub-set-bootflag-utility.patch in their SRPM
CVE-2019-14864 (Ansible, versions 2.9.x before 2.9.1, 2.8.x before 2.8.7 and Ansible v ...)
- ansible 2.9.2+dfsg-1 (low; bug #943768)
- [buster] - ansible <no-dsa> (Minor issue)
[stretch] - ansible <not-affected> (Vulnerable code was introduced later)
[jessie] - ansible <not-affected> (Vulnerable code introduced later)
NOTE: https://github.com/ansible/ansible/issues/63522
@@ -138176,7 +138162,6 @@ CVE-2019-14847 (A flaw was found in samba 4.0.0 before samba 4.9.15 and samba 4.
CVE-2019-14846 (In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, an ...)
{DLA-2535-1 DLA-2202-1}
- ansible 2.8.6+dfsg-1 (low; bug #942188)
- [buster] - ansible <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1755373
NOTE: https://github.com/ansible/ansible/pull/63366
NOTE: https://github.com/ansible/ansible/commit/90e74dd2600e5cc42dd9b4f4656f3d651c4ce5c4
@@ -152741,7 +152726,6 @@ CVE-2019-14856 (ansible before versions 2.8.6, 2.7.14, 2.6.20 is vulnerable to a
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1760829
CVE-2019-10206 (ansible-playbook -k and ansible cli tools, all versions 2.8.x before 2 ...)
- ansible 2.8.6+dfsg-1 (bug #933005)
- [buster] - ansible <no-dsa> (Minor issue)
[jessie] - ansible <not-affected> (Vulnerable code introduced later, password templating code introduced with 2.0 refactoring, '{{' supported in passwords)
NOTE: https://github.com/ansible/ansible/pull/59246
NOTE: 2.8.x https://github.com/ansible/ansible/pull/59552
@@ -152966,7 +152950,6 @@ CVE-2019-10157 (It was found that Keycloak's Node.js adapter before version 4.8.
CVE-2019-10156 (A flaw was discovered in the way Ansible templating was implemented in ...)
{DLA-2535-1 DLA-1923-1}
- ansible 2.8.3+dfsg-1 (low; bug #930065)
- [buster] - ansible <no-dsa> (Minor issue)
NOTE: https://github.com/ansible/ansible/pull/57188
CVE-2019-10155 (The Libreswan Project has found a vulnerability in the processing of I ...)
- libreswan 3.27-6 (bug #930338)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a1d7570f4971ee5d8f40949607774d1acdee4fbe
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a1d7570f4971ee5d8f40949607774d1acdee4fbe
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210806/7fdff979/attachment.htm>
More information about the debian-security-tracker-commits
mailing list