CVE-2020-1746/ansible fixed in unstable via 2.9.7 upload

author: Salvatore Bonaccorso <carnil@debian.org> 2020-05-31 09:47:58 +0200
committer: Salvatore Bonaccorso <carnil@debian.org> 2020-05-31 09:47:58 +0200
commit: 62004af88abf9ea0ac9119efa4bccd2b60e0f640 (patch)
tree: b4d23f51e17e54688d7b54d9f4e260b39eab8e06
parent: edcea2c9d566aa6f5b6c276de9f50c9a8fa70c35 (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/data/CVE/list.2020 b/data/CVE/list.2020
index 896270c755..08569116d7 100644
--- a/data/CVE/list.2020
+++ b/data/CVE/list.2020
@@ -26795,11 +26795,12 @@ CVE-2020-1747 (A vulnerability was discovered in the PyYAML library in versions
 	[jessie] - pyyaml <not-affected> (Loader/Constructor classes are unsafe in this version)
 	NOTE: https://github.com/yaml/pyyaml/pull/386
 CVE-2020-1746 (A flaw was found in the Ansible Engine affecting Ansible Engine versio ...)
-	- ansible <unfixed>
+	- ansible 2.9.7+dfsg-1
 	[stretch] - ansible <not-affected> (Vulnerable code introduced later)
 	[jessie] - ansible <not-affected> (Vulnerable code introduced later)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1805491
 	NOTE: https://github.com/ansible/ansible/pull/67866
+	NOTE: Fixed by: https://github.com/ansible/ansible/commit/d41e38435b1a9e300d8011ac28f16a5add2db119 (v2.9.7)
 CVE-2020-1745 (A file inclusion vulnerability was found in the AJP connector enabled  ...)
 	- undertow 2.0.30-1
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1807305
author	Salvatore Bonaccorso <carnil@debian.org>	2020-05-31 09:47:58 +0200
committer	Salvatore Bonaccorso <carnil@debian.org>	2020-05-31 09:47:58 +0200
commit	62004af88abf9ea0ac9119efa4bccd2b60e0f640 (patch)
tree	b4d23f51e17e54688d7b54d9f4e260b39eab8e06
parent	edcea2c9d566aa6f5b6c276de9f50c9a8fa70c35 (diff)