FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  452465
Date:      2017-10-19
Time:      19:59:15Z
Committer: swills

These are the vulnerabilities relating to the commit you have selected:

VuXML ID                                Description
72fccfdf-2061-11e5-a4a5-002590263bf5    ansible -- multiple vulnerabilities

Ansible, Inc. reports:

Ensure that hostnames match certificate names when using HTTPS - resolved in Ansible 1.9.2

Improper symlink handling in zone, jail, and chroot connection plugins could lead to escape from confined environment - resolved in Ansible 1.9.2


Discovery 2015-06-25
Entry 2015-07-02
Modified 2015-08-18
ansible
lt 1.9.2

CVE-2015-3908
CVE-2015-6240
http://www.ansible.com/security
https://raw.githubusercontent.com/ansible/ansible/v1.9.2-1/CHANGELOG.md
15a04b9f-47cb-11e7-a853-001fbc0f280f    ansible -- Input validation flaw in jinja2 templating system

RedHat security team reports:

An input validation flaw was found in Ansible, where it fails to properly mark lookup-plugin results as unsafe. If an attacker could control the results of lookup() calls, they could inject Unicode strings to be parsed by the jinja2 templating system, resulting in code execution.


Discovery 2017-05-09
Entry 2017-06-02
ansible
lt 2.3.1

https://access.redhat.com/security/cve/cve-2017-7481
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7481
2c493ac8-205e-11e5-a4a5-002590263bf5    ansible -- remote code execution vulnerability

Ansible, Inc. reports:

Incomplete Fix Remote Code Execution Vulnerability - Fixed in Ansible 1.6.4


Discovery 2014-06-25
Entry 2015-07-02
ansible
lt 1.6.4

CVE-2014-4678
68335
http://www.ansible.com/security
https://raw.githubusercontent.com/ansible/ansible/devel/CHANGELOG.md
e308c61a-2060-11e5-a4a5-002590263bf5    ansible -- multiple vulnerabilities

Ansible, Inc. reports:

Arbitrary execution from data from compromised remote hosts or local data when using a legacy Ansible syntax - resolved in Ansible 1.7

ansible-galaxy command when used on local tarballs (and not galaxy.ansible.com) can install a malformed tarball if so provided - resolved in Ansible 1.7


Discovery 2014-08-06
Entry 2015-07-02
ansible
lt 1.7

http://www.ansible.com/security
https://raw.githubusercontent.com/ansible/ansible/devel/CHANGELOG.md
478d4102-2319-4026-b3b2-a57c48f159ac    ansible -- information disclosure flaw

ansible developers report:

Ansible versions 2.2.3 and earlier are vulnerable to an information disclosure flaw due to the interaction of call back plugins and the no_log directive where the information may not be sanitized properly.


Discovery 2017-07-21
Entry 2017-09-25
ansible
le 2.2.3

https://github.com/ansible/ansible/issues/22505
CVE-2017-7473
9dae9d62-205f-11e5-a4a5-002590263bf5    ansible -- code execution from compromised remote host data or untrusted local data

Ansible, Inc. reports:

Arbitrary execution from data from compromised remote hosts or untrusted local data - resolved in Ansible 1.6.7


Discovery 2014-07-21
Entry 2015-07-02
ansible
lt 1.6.7

CVE-2014-4966
68794
http://www.ansible.com/security
https://raw.githubusercontent.com/ansible/ansible/devel/CHANGELOG.md