Brian May pushed to branch master at Debian Security Tracker / security-tracker
Commits: 30d7d0ff by Brian May at 2020-05-08T07:31:43+10:00 Update notes for ansible - - - - - 1 changed file: - data/dla-needed.txt Changes: ===================================== data/dla-needed.txt ===================================== @@ -11,12 +11,15 @@ https://wiki.debian.org/LTS/Development#Triage_new_security_issues -- ansible - NOTE: 20200506: DLA-2202-1 from (20200505) covers CVE-2019-14846, - NOTE: 20200506: CVE-2020-1733, CVE-2020-1739 and CVE-2020-1740 but not - NOTE: 20200506: CVE-2020-1736. The version in jessie does not use the - NOTE: 20200506: `_DEFAULT_PERM` global variable but hardcodes 0777 and 0666 + NOTE: 20200506: CVE-2020-1736: The version in jessie does not use the + NOTE: 20200506: `_DEFAULT_PERM` global variable but hardcodes 0666 NOTE: 20200506: in the atomic_move code in basic.py, so is likely vulnerable. NOTE: 20200506: (lamby) + NOTE: 20200508: bam: Problem exists with new files only. Existing files + NOTE: 20200508: bam: code resets permissions to same value, should be fine. + NOTE: 20200508: bam: Upstream fix was to use 660 - https://github.com/ansible/ansible/pull/68970 + NOTE: 20200508: bam: Upstream fix was reverted - https://github.com/ansible/ansible/pull/68983 + NOTE: 20200508: bam: See https://github.com/ansible/ansible/issues/67794 -- apache-log4j2 (Abhijith PA) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/30d7d0ff2ca51867e1917a180573e6597f940118 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/30d7d0ff2ca51867e1917a180573e6597f940118 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
