[Git][security-tracker-team/security-tracker][master] Track ansible issues which were included in last point release

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Nov 2 08:49:14 GMT 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b891cdd6 by Salvatore Bonaccorso at 2024-11-02T09:48:30+01:00
Track ansible issues which were included in last point release

Thanks: Bastien Roucariès

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -79344,7 +79344,7 @@ CVE-2024-0690 (An information disclosure flaw was found in ansible-core due to a
 	- ansible-core 2.16.5-1 (bug #1061156)
 	[bookworm] - ansible-core 2.14.16-0+deb12u1
 	- ansible 5.4.0-1
-	[bullseye] - ansible <no-dsa> (Minor issue)
+	[bullseye] - ansible 2.10.7+merged+base+2.10.17+dfsg-0+deb11u1
 	NOTE: ansible-core was split off from src:ansible with 4.6.0-1 in experimental/5.4.0-1 in sid
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2259013
 	NOTE: https://github.com/ansible/ansible/pull/82565
@@ -90614,7 +90614,7 @@ CVE-2023-5764 (A template injection flaw was found in Ansible where a user's con
 	- ansible-core 2.14.13-1 (bug #1057427)
 	[bookworm] - ansible-core 2.14.16-0+deb12u1
 	- ansible 5.4.0-1
-	[bullseye] - ansible <no-dsa> (Minor issue)
+	[bullseye] - ansible 2.10.7+merged+base+2.10.17+dfsg-0+deb11u1
 	NOTE: ansible-core was split off from src:ansible with 4.6.0-1 in experimental/5.4.0-1 in sid
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2247629
 	NOTE: https://github.com/ansible/ansible/pull/82293 (stable-2.16)
@@ -100580,7 +100580,7 @@ CVE-2023-5115 (An absolute path traversal attack exists in the Ansible automatio
 	[bookworm] - ansible-core 2.14.16-0+deb12u1
 	[bullseye] - ansible-core <no-dsa> (Minor issue)
 	- ansible 5.4.0-1
-	[bullseye] - ansible <no-dsa> (Minor issue)
+	[bullseye] - ansible 2.10.7+merged+base+2.10.17+dfsg-0+deb11u1
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2233810
 	NOTE: https://github.com/ansible/ansible/pull/81780
 	NOTE: https://github.com/ansible/ansible/commit/ddf0311c63287e2d5334770377350c1e0cbfff28
@@ -101484,7 +101484,7 @@ CVE-2023-37611 (Cross Site Scripting (XSS) vulnerability in Neos CMS 8.3.3 allow
 CVE-2023-4237 (A flaw was found in the Ansible Automation Platform. When creating a n ...)
 	- ansible 9.4.0+dfsg-1 (bug #1055300)
 	[bookworm] - ansible 7.7.0+dfsg-3+deb12u1
-	[bullseye] - ansible <no-dsa> (Minor issue)
+	[bullseye] - ansible 2.10.7+merged+base+2.10.17+dfsg-0+deb11u1
 	[buster] - ansible <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2229979
 	NOTE: https://github.com/advisories/GHSA-ww3m-ffrm-qvqv
@@ -164072,7 +164072,7 @@ CVE-2022-3698 (A denial of service vulnerability was reported in the Lenovo Hard
 CVE-2022-3697 (A flaw was found in Ansible in the amazon.aws collection when using th ...)
 	{DLA-3695-1}
 	- ansible 7.0.0+dfsg-1
-	[bullseye] - ansible <no-dsa> (Minor issue)
+	[bullseye] - ansible 2.10.7+merged+base+2.10.17+dfsg-0+deb11u1
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2137664
 	NOTE: https://github.com/ansible-collections/amazon.aws/pull/1199
 CVE-2022-3696 (A post-auth code injection vulnerability allows admins to execute code ...)
@@ -260421,7 +260421,7 @@ CVE-2021-3620 (A flaw was found in Ansible Engine's ansible-connection module, w
 	{DLA-3695-1}
 	- ansible-core 2.12.0-1
 	- ansible 5.4.0-1
-	[bullseye] - ansible <postponed> (Minor issue, revisit when/if fixed upstream)
+	[bullseye] - ansible 2.10.7+merged+base+2.10.17+dfsg-0+deb11u1
 	[stretch] - ansible <end-of-life> (EOL'd for stretch)
 	- ansible-base <removed>
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1975767
@@ -263261,7 +263261,7 @@ CVE-2021-3584 (A server side remote code execution vulnerability was found in Fo
 CVE-2021-3583 (A flaw was found in Ansible, where a user's controller is vulnerable t ...)
 	{DLA-3695-1}
 	- ansible 5.4.0-1
-	[bullseye] - ansible <no-dsa> (Minor issue)
+	[bullseye] - ansible 2.10.7+merged+base+2.10.17+dfsg-0+deb11u1
 	[stretch] - ansible <end-of-life> (EOL'd for stretch)
 	- ansible-core 2.12.0-1
 	- ansible-base <removed>



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b891cdd67cee9cd8287a4e62b4578fa7727a7986

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b891cdd67cee9cd8287a4e62b4578fa7727a7986
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241102/e614ff26/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list