[Git][security-tracker-team/security-tracker][master] Adjust tracking for CVE-2021-20178

Sun Jun 2 20:28:12 BST 2024


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5a4fc20a by Salvatore Bonaccorso at 2024-06-02T21:27:31+02:00
Adjust tracking for CVE-2021-20178

That a patch is shipped within a version does not make it not-affected
as it means that the issue has been fixed at some point. In this case
indeed the first version in unstable containing the fix (in unstable) is
the 2.10.7-1 version. Mark this as the fixed version.

Fixes: 9080069ae660 ("Mark bullseye as unaffected by CVE-2021-20178")

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -261945,8 +261945,7 @@ CVE-2021-20179 (A flaw was found in pki-core. An attacker who has successfully c
 	NOTE: https://github.com/dogtagpki/pki/pull/3475
 CVE-2021-20178 (A flaw was found in ansible module where credentials are disclosed in  ...)
 	{DLA-3695-1}
-	- ansible 5.4.0-1 (bug #985753)
-	[bullseye] - ansible <not-affected> (Vulnerable code not present)
+	- ansible 2.10.7-1 (bug #985753)
 	[stretch] - ansible <end-of-life> (EOL'd for stretch)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1914774
 	NOTE: https://github.com/ansible-collections/community.general/pull/1621



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5a4fc20a722c8a546513ba06f55e6a5ac00b4464

-- 
This project does not include diff previews in email notifications.
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5a4fc20a722c8a546513ba06f55e6a5ac00b4464
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240602/8a09a59d/attachment-0001.htm>
