[Git][security-tracker-team/security-tracker][master] new ansible-runner issue, one n/a

Moritz Muehlenhoff (@jmm) jmm at debian.org
Thu Aug 19 12:14:14 BST 2021



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
55b2f406 by Moritz Muehlenhoff at 2021-08-19T13:13:29+02:00
new ansible-runner issue, one n/a
nbdkit, qemu no-dsa
concludes external check

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -122,6 +122,7 @@ CVE-2021-39246
 CVE-2021-3716 [NBD_OPT_STRUCTURED_REPLY injection on STARTTLS]
 	RESERVED
 	- nbdkit <unfixed>
+	[bullseye] - nbdkit <no-dsa> (Minor issue)
 	[buster] - nbdkit <not-affected> (Vulnerable code introduced later)
 	[stretch] - nbdkit <not-affected> (Vulnerable code introduced later)
 	NOTE: Introduced by: https://github.com/libguestfs/nbdkit/commit/eaa4c6e9a2c4bdb71aefdd4b1d865e7a9af606a8 (v1.11.8)
@@ -179,8 +180,9 @@ CVE-2021-39231
 CVE-2021-3713 [out-of-bounds write in UAS (USB Attached SCSI) device emulation]
 	RESERVED
 	- qemu <unfixed>
+	[bullseye] - qemu <no-dsa> (Minor issue)
+	[buster] - qemu <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1994640
-	TODO: check details
 CVE-2021-39230
 	RESERVED
 CVE-2021-39229
@@ -1561,8 +1563,14 @@ CVE-2021-3703
 	RESERVED
 CVE-2021-3702
 	RESERVED
+	- ansible-runner <not-affected> (Vulnerable code introduced later)
+	NOTE: https://github.com/ansible/ansible-runner/pull/742/commits/0e9aa8a97e7832ef9a1553ef2908632a32d2b8c4
+	NOTE: Introduced in https://github.com/ansible/ansible-runner/commit/93e95a3df9021a38010386d07df121392d249253
 CVE-2021-3701
 	RESERVED
+	- ansible-runner <unfixed>
+	NOTE: https://github.com/ansible/ansible-runner/issues/738
+	NOTE: https://github.com/ansible/ansible-runner/pull/742/commits/60b059f00409224acae1e417153a241c8591ad89
 CVE-2021-3700
 	RESERVED
 CVE-2021-38562



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/55b2f406dc03cc84ee77035bcf1823665984c1d4

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/55b2f406dc03cc84ee77035bcf1823665984c1d4
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210819/dda2460a/attachment.htm>


More information about the debian-security-tracker-commits mailing list