oss-sec mailing list archives
Re: Re: Ansible CVE requests
From: Brian Harring <ferringb () gmail com>
Date: Wed, 2 Jul 2014 11:37:16 -0400
On Wed, Jul 2, 2014 at 11:08 AM, Florian Weimer <fweimer () redhat com> wrote:
> On 07/02/2014 04:49 PM, cve-assign () mitre org wrote:
>> Additional CVE IDs (at least two) will be assigned for:
>>
>> A. The 2014-06-25 ansible-announce "Ansible 1.6.5 - updated security fix" message at https://groups.google.com/forum/message/raw?msg=ansible-announce/A1px5egCnGQ/jH6f5HM7kpkJ
>
> I think the change in 1.6.5 was an attempt to fix a functionality regression, not something that actually added restrictions to the sandbox. I am aware that this assessment is at odds with what upstream has stated, so you might want to assign a CVE nevertheless.

The change in 1.6.5 was in response to new vulnerabilities I reported- it's a separate CVE.

Thanks-
~brian