Candidate: CVE-2016-8647
PublicDate: 2018-07-26 14:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8647
 https://github.com/ansible/ansible-modules-core/pull/5388
Description:
 An input validation vulnerability was found in Ansible's mysql_user module
 before 2.2.1.0, which may fail to correctly change a password in certain
 circumstances. Thus the previous password would still be active when it
 should have been changed.
Ubuntu-Description:
Notes:
 sbeattie> fails on mysql forks percona 5.7 and newer, all mariadb
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=844691
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N [4.9 MEDIUM]

Patches_ansible:
 upstream: https://github.com/ansible/ansible-modules-core/pull/5388/commits/2dbbca65db5e88c7a75c75d9fa5a16d6a34f0dbc
upstream_ansible: released (2.2.0.0-4)
precise_ansible: DNE
precise/esm_ansible: DNE
trusty_ansible: ignored (out of standard support)
trusty/esm_ansible: needed
vivid/stable-phone-overlay_ansible: DNE
vivid/ubuntu-core_ansible: DNE
xenial_ansible: not-affected
yakkety_ansible: ignored (reached end-of-life)
zesty_ansible: ignored (reached end-of-life)
artful_ansible: ignored (reached end-of-life)
bionic_ansible: not-affected (2.5.1+dfsg-1)
cosmic_ansible: not-affected (2.6.1+dfsg-1)
disco_ansible: not-affected (2.6.1+dfsg-1)
eoan_ansible: not-affected (2.6.1+dfsg-1)
focal_ansible: not-affected (2.6.1+dfsg-1)
groovy_ansible: not-affected (2.6.1+dfsg-1)
hirsute_ansible: not-affected (2.6.1+dfsg-1)
impish_ansible: not-affected (2.6.1+dfsg-1)
jammy_ansible: not-affected (2.6.1+dfsg-1)
devel_ansible: not-affected (2.6.1+dfsg-1)