Re: Question regarding ansible (CVE-2019-14846)
Hi Utkarsh,
> I recently saw your note regarding ansible, saying that the affected
> code is in lib/ansible/callbacks.py.
> However, the upstream claims to have fixed this in this pull request[1]
> and it doesn't seem that the affected file is callbacks.py.
Sure. So, upstream's pull request is naturally for the master/current branch and my comment was regarding the somewhat older version in jessie.
I have clarified this here:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/ffed84c32815c12003d81bb4194eed5d743e3ebc
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` lamby@debian.org 🍥 chris-lamb.co.uk
`-
Reply to: