CVE-2016-8647

NameCVE-2016-8647
DescriptionAn input validation vulnerability was found in Ansible's mysql_user module before 2.2.1.0, which may fail to correctly change a password in certain circumstances. Thus the previous password would still be active when it should have been changed.
SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs844691

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
ansible (PTS)bullseye2.10.7+merged+base+2.10.17+dfsg-0+deb11u1fixed
bullseye (security)2.10.7+merged+base+2.10.17+dfsg-0+deb11u3fixed
bookworm7.7.0+dfsg-3+deb12u1fixed
trixie12.0.0~a6+dfsg-1fixed
forky, sid12.0.0+dfsg-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
ansiblesourcejessie(not affected)
ansiblesource(unstable)2.2.0.0-4844691

Notes

[jessie] - ansible <not-affected> (Vulnerable code not present)
https://github.com/ansible/ansible-modules-core/pull/5388
Search for package or bug name: Reporting problems