Re: Question regarding ansible (CVE-2019-14846)

To: "Utkarsh Gupta" <guptautkarsh2102@gmail.com>
Cc: debian-lts@lists.debian.org
Subject: Re: Question regarding ansible (CVE-2019-14846)
From: "Chris Lamb" <lamby@debian.org>
Date: Fri, 11 Oct 2019 19:13:03 -0000
Message-id: <[🔎] 087b0603-d1ba-4a84-ad58-925baa046daf@www.fastmail.com>
In-reply-to: <[🔎] d131b402-85eb-5b3c-0280-a8c32b132f70@gmail.com>
References: <[🔎] d131b402-85eb-5b3c-0280-a8c32b132f70@gmail.com>

Hi Utkarsh,

> I recently saw your note regarding ansible, saying that the affected
> code is in lib/ansible/callbacks.py.
> However, the upstream claims to have fixed this in this pull request[1]
> and it doesn't seem that the affected file is callbacks.py.

Sure. So, upstream's pull request is naturally for the master/current branch and my comment was regarding the somewhat older version in jessie.

I have clarified this here:

  https://salsa.debian.org/security-tracker-team/security-tracker/commit/ffed84c32815c12003d81bb4194eed5d743e3ebc


Regards,

-- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org 🍥 chris-lamb.co.uk
       `-

Reply to:

Follow-Ups:
- Re: Question regarding ansible (CVE-2019-14846)
  - From: Utkarsh Gupta <guptautkarsh2102@gmail.com>
- Re: Question regarding ansible (CVE-2019-14846)
  - From: Utkarsh Gupta <guptautkarsh2102@gmail.com>

References:
- Question regarding ansible (CVE-2019-14846)
  - From: Utkarsh Gupta <guptautkarsh2102@gmail.com>

Prev by Date: Question regarding ansible (CVE-2019-14846)
Next by Date: Re: Question regarding ansible (CVE-2019-14846)
Previous by thread: Question regarding ansible (CVE-2019-14846)
Next by thread: Re: Question regarding ansible (CVE-2019-14846)
Index(es):
- Date
- Thread