Hi again,

On 12/10/19 12:43 am, Chris Lamb wrote:
> Hi Utkarsh,
>
>> I recently saw your note regarding ansible, saying that the affected
>> code is in lib/ansible/callbacks.py.
>> However, the upstream claims to have fixed this in this pull request[1]
>> and it doesn't seem that the affected file is callbacks.py.
> Sure. So, upstream's pull request is naturally for the master/current
> branch and my comment was regarding the somewhat older version in jessie.
>
> I have clarified this here:
>
> https://salsa.debian.org/security-tracker-team/security-tracker/commit/ffed84c32815c12003d81bb4194eed5d743e3ebc

From what I found out, this isn't really affecting the version in the
archive. I might be wrong, since not much information is available about
this CVE.
Though I've pinged the security team, I'd wait for a little to get more
clarification on this :)

Best,
Utkarsh