[Secure-testing-commits] r51816 - data/CVE

[Salvatore Bonaccorso]

Author: carnil
Date: 2017-05-22 06:53:22 +0000 (Mon, 22 May 2017)
New Revision: 51816

Modified:
   data/CVE/list
Log:
Record back-and-forth with libgit2

Note for reviewers: needs now a double-check the issues are really fixed
and not reopened for any of the CVEs. libgit2 had several iternations,
first fixed in 0.25.1 in experimental, uploaded to unstable, then now
rewerted to a 0.24.6 based version.

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-05-22 06:38:39 UTC (rev 51815)
+++ data/CVE/list	2017-05-22 06:53:22 UTC (rev 51816)
@@ -11638,21 +11638,21 @@
 CVE-2017-5338
 	REJECTED
 CVE-2016-10130 (The http_connect function in transports/http.c in libgit2 before ...)
-	- libgit2 0.25.1-2 (bug #851406)
+	- libgit2 0.25.1+really0.24.6-1 (bug #851406)
 	[jessie] - libgit2 <not-affected> (Vulnerable code not present)
 	[experimental] - cargo 0.17.0-1~exp1
 	- cargo <unfixed> (bug #860990)
 	NOTE: https://github.com/libgit2/libgit2/commit/9a64e62f0f20c9cf9b2e1609f037060eb2d8eb22 (v0.25.1)
 	NOTE: https://github.com/libgit2/libgit2/commit/b5c6a1b407b7f8b952bded2789593b68b1876211 (v0.24.6)
 CVE-2016-10129 (The Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x ...)
-	- libgit2 0.25.1-2 (bug #851406)
+	- libgit2 0.25.1+really0.24.6-1 (bug #851406)
 	[jessie] - libgit2 <no-dsa> (Minor issue)
 	[experimental] - cargo 0.17.0-1~exp1
 	- cargo <unfixed> (bug #860990)
 	NOTE: https://github.com/libgit2/libgit2/commit/2fdef641fd0dd2828bd948234ae86de75221a11a (v0.25.1)
 	NOTE: https://github.com/libgit2/libgit2/commit/84d30d569ada986f3eef527cbdb932643c2dd037 (v0.24.6)
 CVE-2016-10128 (Buffer overflow in the git_pkt_parse_line function in ...)
-	- libgit2 0.25.1-2 (bug #851406)
+	- libgit2 0.25.1+really0.24.6-1 (bug #851406)
 	[jessie] - libgit2 <no-dsa> (Minor issue)
 	[experimental] - cargo 0.17.0-1~exp1
 	- cargo <unfixed> (bug #860990)