[Git][security-tracker-team/security-tracker][master] Mark all open ansible CVE in Stretch as EOL
Markus Koschany (@apo)
apo at debian.org
Sun May 22 23:03:09 BST 2022
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2ca061f8 by Markus Koschany at 2022-05-23T00:02:35+02:00
Mark all open ansible CVE in Stretch as EOL
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -59533,6 +59533,7 @@ CVE-2021-3620 (A flaw was found in Ansible Engine's ansible-connection module, w
- ansible <unfixed>
[bullseye] - ansible <postponed> (Minor issue, revisit when/if fixed upstream)
[buster] - ansible <postponed> (Minor issue, revisit when/if fixed upstream)
+ [stretch] - ansible <end-of-life> (EOL'd for stretch)
- ansible-base <removed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1975767
CVE-2021-35500 (The Data Virtualization Server component of TIBCO Software Inc.'s TIBC ...)
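Review bot: the parenthetical on the added line for CVE-2021-3620, "(EOL'd for stretch)", only repeats what "[stretch]" and "<end-of-life>" already say, while the bullseye and buster lines next to it give an actual reason ("Minor issue, revisit when/if fixed upstream"). The same text is used on every line added in this commit. Either drop the parenthetical or use it to say why the package is no longer supported in stretch, so the entry is useful to someone reading it without the commit message.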
@@ -62360,6 +62361,7 @@ CVE-2021-3583 (A flaw was found in Ansible, where a user's controller is vulnera
- ansible <unfixed>
[bullseye] - ansible <no-dsa> (Minor issue)
[buster] - ansible <no-dsa> (Minor issue)
+ [stretch] - ansible <end-of-life> (EOL'd for stretch)
- ansible-base <removed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1968412
NOTE: https://github.com/ansible/ansible/commit/4c8c40fd3d4a58defdc80e7d22aa8d26b731353e.patch
@@ -68129,6 +68131,7 @@ CVE-2021-3533 (A flaw was found in Ansible if an ansible user sets ANSIBLE_ASYNC
- ansible <unfixed>
[bullseye] - ansible <postponed> (Minor issue, revisit when/if fixed upstream)
[buster] - ansible <postponed> (Minor issue, revisit when/if fixed upstream)
+ [stretch] - ansible <end-of-life> (EOL'd for stretch)
- ansible-base <removed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1956477
CVE-2021-32026
@@ -68165,6 +68168,7 @@ CVE-2021-3532 (A flaw was found in Ansible where the secret information present
- ansible <unfixed>
[bullseye] - ansible <postponed> (Minor issue, revisit when/if fixed upstream)
[buster] - ansible <postponed> (Minor issue, revisit when/if fixed upstream)
+ [stretch] - ansible <end-of-life> (EOL'd for stretch)
- ansible-base <removed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1956464
CVE-2021-3531 (A flaw was found in the Red Hat Ceph Storage RGW in versions before 14 ...)
@@ -99309,6 +99313,7 @@ CVE-2021-20228 (A flaw was found in the Ansible Engine 2.9.18, where sensitive i
{DSA-4950-1}
- ansible 2.10.7+merged+base+2.10.8+dfsg-1
- ansible-base <removed>
+ [stretch] - ansible <end-of-life> (EOL'd for stretch)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1925002
NOTE: https://github.com/ansible/ansible/pull/73487
CVE-2021-20227 (A flaw was found in SQLite's SELECT query functionality (src/select.c) ...)
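Review bot: in the CVE-2021-20228 entry the new "[stretch] - ansible <end-of-life>" line is placed after "- ansible-base <removed>" instead of directly under "- ansible 2.10.7+merged+base+2.10.8+dfsg-1". In the earlier hunks of this commit that also carry an ansible-base line, the stretch annotation sits with the ansible lines, above "- ansible-base <removed>". Suggest moving it up one line here so the release annotation stays grouped with the package it names.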
@@ -99502,6 +99507,7 @@ CVE-2021-20191 (A flaw was found in ansible. Credentials, such as secrets, are b
- ansible <unfixed> (bug #985753)
[bullseye] - ansible <no-dsa> (Minor issue)
[buster] - ansible <no-dsa> (Minor issue)
+ [stretch] - ansible <end-of-life> (EOL'd for stretch)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1916813
NOTE: https://github.com/ansible-collections/cisco.nxos/pull/227
NOTE: https://github.com/ansible-collections/cisco.nxos/commit/120956963f47502151a358e4a7bc2a87f71813aa
@@ -99542,6 +99548,7 @@ CVE-2021-20180 (A flaw was found in ansible module where credentials are disclos
- ansible <unfixed> (bug #985753)
[bullseye] - ansible <no-dsa> (Minor issue)
[buster] - ansible <no-dsa> (Minor issue)
+ [stretch] - ansible <end-of-life> (EOL'd for stretch)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1915808
NOTE: https://github.com/ansible-collections/community.general/pull/1635
NOTE: https://github.com/ansible-collections/community.general/commit/1d0c5e2ba47724c31a18d7b08b9daf13df8829dc
@@ -99552,6 +99559,7 @@ CVE-2021-20178 (A flaw was found in ansible module where credentials are disclos
- ansible <unfixed> (bug #985753)
[bullseye] - ansible <no-dsa> (Minor issue)
[buster] - ansible <no-dsa> (Minor issue)
+ [stretch] - ansible <end-of-life> (EOL'd for stretch)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1914774
NOTE: https://github.com/ansible-collections/community.general/pull/1621
NOTE: https://github.com/ansible-collections/community.general/commit/3560aeb12f7061bf21d63ca0e1e19feb99c57de3
@@ -142170,6 +142178,7 @@ CVE-2020-14333 (A flaw was found in Ovirt Engine's web interface in ovirt 4.4 an
CVE-2020-14332 (A flaw was found in the Ansible Engine when using module_args. Tasks e ...)
{DSA-4950-1}
- ansible 2.9.13+dfsg-1 (bug #966672)
+ [stretch] - ansible <end-of-life> (EOL'd for stretch)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1857805
NOTE: https://github.com/ansible/ansible/pull/71033
NOTE: https://github.com/ansible/ansible/commit/6cae9a4b168df776bf82deb04b2c62e00c38b49a (v2.9.12)
@@ -142182,6 +142191,7 @@ CVE-2020-14331 (A flaw was found in the Linux kernel’s implementation of t
CVE-2020-14330 (An Improper Output Neutralization for Logs flaw was found in Ansible w ...)
{DSA-4950-1}
- ansible 2.9.13+dfsg-1
+ [stretch] - ansible <end-of-life> (EOL'd for stretch)
NOTE: https://github.com/ansible/ansible/issues/68400
NOTE: Initial fix: https://github.com/ansible/ansible/pull/69653
NOTE: Complete fix (reverting first and adding more elaborated fix):
@@ -153329,6 +153339,7 @@ CVE-2020-10730 (A NULL pointer dereference, or possible use-after-free flaw was
CVE-2020-10729 (A flaw was found in the use of insufficiently random values in Ansible ...)
{DSA-4950-1}
- ansible 2.9.6+dfsg-1
+ [stretch] - ansible <end-of-life> (EOL'd for stretch)
[jessie] - ansible <not-affected> (Vulnerable code introduced later, no variables template caching)
NOTE: https://github.com/ansible/ansible/issues/34144
NOTE: https://github.com/ansible/ansible/pull/67429/
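Review bot: for CVE-2020-10729 the "[jessie]" line just below the addition records "<not-affected>" because the vulnerable code was introduced later, but the added "[stretch]" line goes straight to "<end-of-life>" without saying whether the stretch version contains that code. If the stretch version also predates it, "<not-affected>" with a short reason would be the more accurate state; otherwise a word in the parenthetical that stretch is affected would settle it. The same question applies to the other entries in this commit that carry a "[jessie] ... <not-affected>" line.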
@@ -153514,6 +153525,7 @@ CVE-2020-10686 (A flaw was found in Keycloak version 8.0.2 and 9.0.0, and was fi
CVE-2020-10685 (A flaw was found in Ansible Engine affecting Ansible Engine versions 2 ...)
{DSA-4950-1}
- ansible 2.9.7+dfsg-1
+ [stretch] - ansible <end-of-life> (EOL'd for stretch)
[jessie] - ansible <not-affected> (Vulnerable code introduced later, all decryption in-memory, no transparent file decryption)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1814627
NOTE: https://github.com/ansible/ansible/pull/68433
@@ -153522,6 +153534,7 @@ CVE-2020-10685 (A flaw was found in Ansible Engine affecting Ansible Engine vers
CVE-2020-10684 (A flaw was found in Ansible Engine, all versions 2.7.x, 2.8.x and 2.9. ...)
{DSA-4950-1}
- ansible 2.9.7+dfsg-1
+ [stretch] - ansible <end-of-life> (EOL'd for stretch)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1815519
NOTE: https://github.com/ansible/ansible/pull/68431
NOTE: https://github.com/ansible/ansible/commit/a9d2ceafe429171c0e2ad007058b88bae57c74ce
@@ -177566,12 +177579,14 @@ CVE-2020-1741 (A flaw was found in openshift-ansible. OpenShift Container Platfo
CVE-2020-1740 (A flaw was found in Ansible Engine when using Ansible Vault for editin ...)
{DSA-4950-1 DLA-2202-1}
- ansible 2.9.7+dfsg-1
+ [stretch] - ansible <end-of-life> (EOL'd for stretch)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1802193
NOTE: https://github.com/ansible/ansible/issues/67798
NOTE: https://github.com/ansible/ansible/pull/68644
CVE-2020-1739 (A flaw was found in Ansible 2.7.16 and prior, 2.8.8 and prior, and 2.9 ...)
{DSA-4950-1 DLA-2202-1}
- ansible 2.9.7+dfsg-1
+ [stretch] - ansible <end-of-life> (EOL'd for stretch)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1802178
NOTE: https://github.com/ansible/ansible/issues/67797
NOTE: https://github.com/ansible/ansible/pull/67829
@@ -177599,6 +177614,7 @@ CVE-2020-1736 (A flaw was found in Ansible Engine when a file is moved using ato
CVE-2020-1735 (A flaw was found in the Ansible Engine when the fetch module is used. ...)
{DSA-4950-1}
- ansible 2.9.7+dfsg-1
+ [stretch] - ansible <end-of-life> (EOL'd for stretch)
[jessie] - ansible <not-affected> (No remote expansion in fetch module)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1802085
NOTE: https://github.com/ansible/ansible/issues/67793
@@ -177617,6 +177633,7 @@ CVE-2020-1734 (A flaw was found in the pipe lookup plugin of ansible. Arbitrary
CVE-2020-1733 (A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2. ...)
{DSA-4950-1 DLA-2202-1}
- ansible 2.9.7+dfsg-1
+ [stretch] - ansible <end-of-life> (EOL'd for stretch)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1801735
NOTE: https://github.com/ansible/ansible/issues/67791
NOTE: https://github.com/ansible/ansible/pull/68921
@@ -208774,6 +208791,7 @@ CVE-2019-14856 (ansible before versions 2.8.6, 2.7.14, 2.6.20 is vulnerable to a
CVE-2019-10206 (ansible-playbook -k and ansible cli tools, all versions 2.8.x before 2 ...)
{DSA-4950-1}
- ansible 2.8.6+dfsg-1 (bug #933005)
+ [stretch] - ansible <end-of-life> (EOL'd for stretch)
[jessie] - ansible <not-affected> (Vulnerable code introduced later, password templating code introduced with 2.0 refactoring, '{{' supported in passwords)
NOTE: https://github.com/ansible/ansible/pull/59246
NOTE: 2.8.x https://github.com/ansible/ansible/pull/59552
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2ca061f879b47aba252839d288e47fa0309f74b9