[Secure-testing-team] Bug#842985: ansible: CVE-2016-8628: Command injection by compromised server via fact variables
Salvatore Bonaccorso
carnil at debian.org
Wed Nov 2 19:40:35 UTC 2016
Source: ansible
Version: 2.1.1.0-1
Severity: important
Tags: security upstream
Hi,
the following vulnerability was published for ansible.
CVE-2016-8628[0]:
Command injection by compromised server via fact variables
Details are though bit scarce yet, no upstream reference handy for
the fixing commit.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2016-8628
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1388113
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
More information about the Secure-testing-team
mailing list