BRE-MD
August 2, 2022, 1:15pm
1
Hi,
I has send a mail to security@ansible.com and got the reply:
This is the mail system at host mx1.redhat.com .
I’m sorry to have to inform you that your message could not be delivered to one or more recipients. It’s attached below.
For further assistance, please send mail to postmaster.
If you do so, please include this problem report. You can delete your own text from the attached returned message.
The mail system
<ansible-security@redhat.com > (expanded from <security@ansible.com >): host
int-mx-rdu2.corp.redhat.com [10.11.203.6] said: 550 5.1.1
<ansible-security@redhat.com >: Recipient address rejected: User unknown in
local recipient table (in reply to RCPT TO command)
Where can I report a security-issue?
With best regards,
Boy Reese
Thanks for pointing this out; we’ve bumped this up to the security team and asked them where we can send information until this is fixed. When we hear back we will let you know.
-The AWX Team
BRE-MD
August 10, 2022, 9:21am
3
Hi AWX Team,
do you get feedback from security-Team?
Because, I don’t know, where I should send my asked, I ask here:
When will be upgrade Django 3.2.13 to 3.2.14 in AWX for fixing the issue CVE-2022-34265 (Score: 9.8)
(see: https://github.com/ansible/awx/pull/12516 )
With greetings,
We did get feedback from the security team and they determined AWX isn’t affected by this particular CVE (i.e. not using the Trunc() and Extract() database functions).
AWX Team