[Git][security-tracker-team/security-tracker][master] Track ansible issues which were included in last point release

Sat, 02 Nov 2024 01:49:36 -0700 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b891cdd6 by Salvatore Bonaccorso at 2024-11-02T09:48:30+01:00
Track ansible issues which were included in last point release

Thanks: Bastien Roucariès

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -79344,7 +79344,7 @@ CVE-2024-0690 (An information disclosure flaw was found 
in ansible-core due to a
        - ansible-core 2.16.5-1 (bug #1061156)
        [bookworm] - ansible-core 2.14.16-0+deb12u1
        - ansible 5.4.0-1
-       [bullseye] - ansible <no-dsa> (Minor issue)
+       [bullseye] - ansible 2.10.7+merged+base+2.10.17+dfsg-0+deb11u1
        NOTE: ansible-core was split off from src:ansible with 4.6.0-1 in 
experimental/5.4.0-1 in sid
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2259013
        NOTE: https://github.com/ansible/ansible/pull/82565
@@ -90614,7 +90614,7 @@ CVE-2023-5764 (A template injection flaw was found in 
Ansible where a user's con
        - ansible-core 2.14.13-1 (bug #1057427)
        [bookworm] - ansible-core 2.14.16-0+deb12u1
        - ansible 5.4.0-1
-       [bullseye] - ansible <no-dsa> (Minor issue)
+       [bullseye] - ansible 2.10.7+merged+base+2.10.17+dfsg-0+deb11u1
        NOTE: ansible-core was split off from src:ansible with 4.6.0-1 in 
experimental/5.4.0-1 in sid
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2247629
        NOTE: https://github.com/ansible/ansible/pull/82293 (stable-2.16)
@@ -100580,7 +100580,7 @@ CVE-2023-5115 (An absolute path traversal attack 
exists in the Ansible automatio
        [bookworm] - ansible-core 2.14.16-0+deb12u1
        [bullseye] - ansible-core <no-dsa> (Minor issue)
        - ansible 5.4.0-1
-       [bullseye] - ansible <no-dsa> (Minor issue)
+       [bullseye] - ansible 2.10.7+merged+base+2.10.17+dfsg-0+deb11u1
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2233810
        NOTE: https://github.com/ansible/ansible/pull/81780
        NOTE: 
https://github.com/ansible/ansible/commit/ddf0311c63287e2d5334770377350c1e0cbfff28
@@ -101484,7 +101484,7 @@ CVE-2023-37611 (Cross Site Scripting (XSS) 
vulnerability in Neos CMS 8.3.3 allow
 CVE-2023-4237 (A flaw was found in the Ansible Automation Platform. When 
creating a n ...)
        - ansible 9.4.0+dfsg-1 (bug #1055300)
        [bookworm] - ansible 7.7.0+dfsg-3+deb12u1
-       [bullseye] - ansible <no-dsa> (Minor issue)
+       [bullseye] - ansible 2.10.7+merged+base+2.10.17+dfsg-0+deb11u1
        [buster] - ansible <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2229979
        NOTE: https://github.com/advisories/GHSA-ww3m-ffrm-qvqv
@@ -164072,7 +164072,7 @@ CVE-2022-3698 (A denial of service vulnerability was 
reported in the Lenovo Hard
 CVE-2022-3697 (A flaw was found in Ansible in the amazon.aws collection when 
using th ...)
        {DLA-3695-1}
        - ansible 7.0.0+dfsg-1
-       [bullseye] - ansible <no-dsa> (Minor issue)
+       [bullseye] - ansible 2.10.7+merged+base+2.10.17+dfsg-0+deb11u1
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2137664
        NOTE: https://github.com/ansible-collections/amazon.aws/pull/1199
 CVE-2022-3696 (A post-auth code injection vulnerability allows admins to 
execute code ...)
@@ -260421,7 +260421,7 @@ CVE-2021-3620 (A flaw was found in Ansible Engine's 
ansible-connection module, w
        {DLA-3695-1}
        - ansible-core 2.12.0-1
        - ansible 5.4.0-1
-       [bullseye] - ansible <postponed> (Minor issue, revisit when/if fixed 
upstream)
+       [bullseye] - ansible 2.10.7+merged+base+2.10.17+dfsg-0+deb11u1
        [stretch] - ansible <end-of-life> (EOL'd for stretch)
        - ansible-base <removed>
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1975767
@@ -263261,7 +263261,7 @@ CVE-2021-3584 (A server side remote code execution 
vulnerability was found in Fo
 CVE-2021-3583 (A flaw was found in Ansible, where a user's controller is 
vulnerable t ...)
        {DLA-3695-1}
        - ansible 5.4.0-1
-       [bullseye] - ansible <no-dsa> (Minor issue)
+       [bullseye] - ansible 2.10.7+merged+base+2.10.17+dfsg-0+deb11u1
        [stretch] - ansible <end-of-life> (EOL'd for stretch)
        - ansible-core 2.12.0-1
        - ansible-base <removed>



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b891cdd67cee9cd8287a4e62b4578fa7727a7986

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b891cdd67cee9cd8287a4e62b4578fa7727a7986
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to