[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2022-24765/git: reference further fixes

Sylvain Beucler (@beuc) beuc at debian.org
Thu Dec 8 16:21:28 GMT 2022



Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
66a4d5f5 by Sylvain Beucler at 2022-12-08T17:21:06+01:00
CVE-2022-24765/git: reference further fixes

- - - - -
04e42886 by Sylvain Beucler at 2022-12-08T17:21:07+01:00
CVE-2022-29187/git: reference further fixes

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -51284,6 +51284,10 @@ CVE-2022-29187 (Git is a distributed revision control system. Git prior to versi
 	[buster] - git <no-dsa> (Minor issue)
 	NOTE: https://lists.q42.co.uk/pipermail/git-announce/2022-July/001250.html
 	NOTE: https://github.com/git/git/commit/3b0bf2704980b1ed6018622bdf5377ec22289688 (v2.30.5)
+	NOTE: https://github.com/git/git/commit/ae9abbb63eea74441e3e8b153dc6ec1f94c373b4 (v2.30.5) (regression)
+	NOTE: https://github.com/git/git/commit/5f1a3fec8c304decaa9af2bf503712050a4a84e0 (v2.30.5) (regression test)
+	NOTE: https://github.com/git/git/commit/b9063afda17a2aa6310423c9f7b776c41f753091 (v2.30.5) (regression test)
+	NOTE: https://github.com/git/git/commit/6b11e3d52e919cce91011f4f9025e6f4b61375f2 (v2.30.5) (regression)
 	NOTE: Relates to CVE-2022-24765.
 CVE-2022-29186 (Rundeck is an open source automation service with a web console, comma ...)
 	NOT-FOR-US: Rundeck
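Review bot: The "(regression)" tag on the added ae9abbb6 and 6b11e3d5 lines is ambiguous, because it does not say whether the commit fixes a regression or introduces one. Consider "(regression fix)" instead. The added lines are also ordered fix, test, test, fix, which leaves unclear which "(regression test)" commit covers which fix. Placing each test line directly after the fix it exercises would make the backport set easier to follow.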
@@ -64194,11 +64198,15 @@ CVE-2022-24765 (Git for Windows is a fork of Git containing Windows-specific pat
 	NOTE: https://github.com/git/git/commit/bdc77d1d685be9c10b88abb281a42bc620548595 (v2.30.3)
 	NOTE: https://github.com/git/git/commit/8959555cee7ec045958f9b6dd62e541affb7e7d9 (v2.30.3)
 	NOTE: https://github.com/git/git/commit/fdcad5a53e14bd397e4fa323e7fd0c3bf16dd373 (v2.30.3)
-	NOTE: https://github.com/git/git/commit/cb95038137e9e66fc6a6b4a0e8db62bcc521b709 (v2.30.3)
+	NOTE: https://github.com/git/git/commit/cb95038137e9e66fc6a6b4a0e8db62bcc521b709 (v2.30.3) (doc)
+	NOTE: https://github.com/git/git/commit/e47363e5a8bdf5144059d664c45c0975243ef05b (v2.30.4) (regression)
+	NOTE: https://github.com/git/git/commit/bb50ec3cc300eeff3aba7a2bea145aabdb477d31 (v2.30.4) (regression)
+	NOTE: https://github.com/git/git/commit/0f85c4a30b072a26d74af8bbf63cc8f6a5dfc1b8 (v2.30.4) (functional change mitigation / opt-out)
 	NOTE: https://lore.kernel.org/git/xmqqv8veb5i6.fsf@gitster.g/
 	NOTE: Limitations of ownership checking for the CVE fix:
 	NOTE: https://lore.kernel.org/git/CAKJfoCEgiNvQJGt=rGYTaKQ1i2ihrPmX2Sz3Zxg-y66L+1Qh6g@mail.gmail.com/
 	NOTE: https://github.blog/2022-04-12-git-security-vulnerability-announced/
+	NOTE: See CVE-2022-29187 for further fixes
 CVE-2022-24764 (PJSIP is a free and open source multimedia communication library writt ...)
 	{DSA-5285-1 DLA-3194-1 DLA-2962-1}
 	- asterisk 1:18.14.0~~rc1~dfsg+~cs6.12.40431414-1 (bug #1014976)
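Review bot: On the added 0f85c4a3 line, "(functional change mitigation / opt-out)" does not say what is being opted out of. The entry's own notes describe the fix as an ownership check, so someone triaging a backport should be able to see from this line that the commit lets users disable that check. The "(regression)" tags on the e47363e5 and bb50ec3c lines would also read more clearly as "(regression fix)". As a minor style point, the new "See CVE-2022-29187 for further fixes" line and the reciprocal "Relates to CVE-2022-24765." in the other entry differ in wording and trailing punctuation. Picking one form for both directions keeps the cross-references greppable.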



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/d640702fe655202598f28f2ac4723bc1395e6ac9...04e42886438cf9630c21c8565defae7ecc9df881
