[Git][security-tracker-team/security-tracker][master] Reserve DLA-4502-1 for ansible

Lee Garrett (@lgarrett) gitlab at salsa.debian.org
Tue Mar 17 22:59:24 GMT 2026 


Lee Garrett pushed to branch master at Debian Security Tracker / security-tracker


Commits:
aaffc355 by Lee Garrett at 2026-03-17T23:59:13+01:00
Reserve DLA-4502-1 for ansible

- - - - -


2 changed files:

- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[17 Mar 2026] DLA-4502-1 ansible - security update
+	{CVE-2024-11079}
+	[bullseye] - ansible 2.10.7+merged+base+2.10.17+dfsg-0+deb11u4
 [14 Mar 2026] DLA-4501-1 wireless-regdb - security update
 	[bullseye] - wireless-regdb 2026.02.04-1~deb11u1
 [14 Mar 2026] DLA-4500-1 gimp - security update


=====================================
data/dla-needed.txt
=====================================
@@ -39,15 +39,6 @@ amd64-microcode
   NOTE: 20251224: See also 1109035#52 for updates from maintainer,
   NOTE: 20251224: I think the required kernel microcode driver patch are: https://lists.openwall.net/linux-kernel/2025/10/27/1012
 --
-ansible (lee)
-  NOTE: 20240915: Added by Front-Desk (ta)
-  NOTE: 20241103: Fixed sid, bookworm, and bullseye (rouca)
-  NOTE: 20241103: Bullseye autopkgtest fail (unrelated to fix) try to fix before release (rouca)
-  NOTE: 20241120: Waiting for release by Lee testsuite is ok (rouca)
-  NOTE: 20241123: Made a partial release. only CVE-2024-11079 needed but more upstream backport work needed (rouca)
-  NOTE: 20250422: Testing/bisecting will take more time, please keep it assigned to me (lee)
-  NOTE: 20260126: #debian-elts I got closer to fixing the issue, but I still haven't completely understood why some upstream tests fail with my patch for CVE-2024-11079. I've also evaluated CVE-2025-14010, ansible in bullseye and lower is not affected. (lee)
---
 asterisk (slyon)
   NOTE: 20260220: Added by Front-Desk (rouca)
   NOTE: 20260220: Investigate if possible to harden CVE-2026-23740 by tmp private unshare (systemd) (rouca)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aaffc35591bdd106d3fa7855f7c9add406d29577

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aaffc35591bdd106d3fa7855f7c9add406d29577
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260317/8f668d5d/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list