[Git][security-tracker-team/security-tracker][master] Correct status of CVE-2019-14864 and CVE-2019-14858,ansible,stretch.
Markus Koschany
apo at debian.org
Wed Jan 27 15:46:16 GMT 2021
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker
Commits:
867329f8 by Markus Koschany at 2021-01-27T16:45:04+01:00
Correct status of CVE-2019-14864 and CVE-2019-14858,ansible,stretch.
The vulnerable code was introduced later thus ansible in Stretch is not
vulnerable.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -106824,7 +106824,7 @@ CVE-2019-14865 (A flaw was found in the grub2-set-bootflag utility of grub2. A l
CVE-2019-14864 (Ansible, versions 2.9.x before 2.9.1, 2.8.x before 2.8.7 and Ansible v ...)
- ansible 2.9.2+dfsg-1 (low; bug #943768)
[buster] - ansible <no-dsa> (Minor issue)
- [stretch] - ansible <no-dsa> (Minor issue)
+ [stretch] - ansible <not-affected> (Vulnerable code was introduced later)
[jessie] - ansible <not-affected> (Vulnerable code introduced later)
NOTE: https://github.com/ansible/ansible/issues/63522
NOTE: https://github.com/ansible/ansible/pull/63527
@@ -106861,7 +106861,7 @@ CVE-2019-14859 (A flaw was found in all python-ecdsa versions before 0.13.3, whe
CVE-2019-14858 (A vulnerability was found in Ansible engine 2.x up to 2.8 and Ansible ...)
- ansible 2.8.6+dfsg-1 (bug #942332)
[buster] - ansible <no-dsa> (Minor issue)
- [stretch] - ansible <no-dsa> (Minor issue)
+ [stretch] - ansible <not-affected> (Vulnerable code was introduced later)
[jessie] - ansible <not-affected> (Vulnerable code introduced later)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1760593
NOTE: https://github.com/ansible/ansible/pull/63405
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/867329f844733602295c0e909bca62e828d502e0
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/867329f844733602295c0e909bca62e828d502e0
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210127/ae1b73ec/attachment.html>
More information about the debian-security-tracker-commits
mailing list