[Git][security-tracker-team/security-tracker][master] Reserve DLA-3239-1 for git
Sylvain Beucler (@beuc)
beuc at debian.org
Tue Dec 13 17:34:15 GMT 2022
Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker
Commits:
641508a6 by Sylvain Beucler at 2022-12-13T18:33:54+01:00
Reserve DLA-3239-1 for git
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -52739,7 +52739,6 @@ CVE-2022-29188 (Smokescreen is an HTTP proxy. The primary use case for Smokescre
CVE-2022-29187 (Git is a distributed revision control system. Git prior to versions 2. ...)
- git 1:2.37.2-1 (bug #1014848)
[bullseye] - git <no-dsa> (Minor issue)
- [buster] - git <no-dsa> (Minor issue)
NOTE: https://lists.q42.co.uk/pipermail/git-announce/2022-July/001250.html
NOTE: https://github.com/git/git/commit/3b0bf2704980b1ed6018622bdf5377ec22289688 (v2.30.5)
NOTE: https://github.com/git/git/commit/ae9abbb63eea74441e3e8b153dc6ec1f94c373b4 (v2.30.5) (regression)
@@ -65650,7 +65649,6 @@ CVE-2022-24766 (mitmproxy is an interactive, SSL/TLS-capable intercepting proxy.
CVE-2022-24765 (Git for Windows is a fork of Git containing Windows-specific patches. ...)
- git 1:2.35.2-1
[bullseye] - git <no-dsa> (Minor issue)
- [buster] - git <no-dsa> (Minor issue)
[stretch] - git <no-dsa> (Minor issue)
NOTE: https://github.com/git/git/commit/6e7ad1e4c22e7038975ba37c7413374fe566b064 (v2.30.3)
NOTE: https://github.com/git/git/commit/bdc77d1d685be9c10b88abb281a42bc620548595 (v2.30.3)
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[13 Dec 2022] DLA-3239-1 git - security update
+ {CVE-2022-24765 CVE-2022-29187 CVE-2022-39253 CVE-2022-39260}
+ [buster] - git 1:2.20.1-2+deb10u5
[13 Dec 2022] DLA-3238-1 pngcheck - security update
{CVE-2020-35511}
[buster] - pngcheck 3.0.3-1~deb10u2
=====================================
data/dla-needed.txt
=====================================
@@ -63,10 +63,6 @@ fusiondirectory
fwupd
NOTE: 20221003: Programming language: C++.
--
-git (Sylvain Beucler)
- NOTE: 20221031: Programming language: C.
- NOTE: 20221031: VCS: https://salsa.debian.org/lts-team/packages/git.git
---
golang-1.11
NOTE: 20220916: Programming language: Go.
NOTE: 20220916: Special attention: limited support; requires rebuilding reverse build dependencies (though recent bullseye updates didn't)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/641508a6538551476ddabd79c0418f0f38c160cf
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/641508a6538551476ddabd79c0418f0f38c160cf
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20221213/646977f2/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list