[Git][security-tracker-team/security-tracker][setup-repo-in-submodules] 2 commits: new dbus-broker issue

Emilio Pozuelo Monfort (@pochu) pochu at debian.org
Wed Jun 22 10:29:24 BST 2022



Emilio Pozuelo Monfort pushed to branch setup-repo-in-submodules at Debian Security Tracker / security-tracker


Commits:
3f396f82 by Moritz Muehlenhoff at 2022-06-22T11:17:50+02:00
new dbus-broker issue
NFUs (concludes external check)

- - - - -
fda71b54 by Enrico Zini at 2022-06-22T11:29:03+02:00
Make setup-repo work with submodules

- - - - -


2 changed files:

- bin/setup-repo
- data/CVE/list


Changes:

=====================================
bin/setup-repo
=====================================
@@ -4,8 +4,19 @@
 
 set -e
 
-SRC=../../conf/pre-commit
-HOOK=.git/hooks/pre-commit
+## variables
+if [ -d .git ]; then
+  GIT_HOOKS_DIR=".git/hooks"
+elif [ -e .git ]; then
+  GIT_DIR=$(awk '/gitdir:/ { print $2 }' .git)
+  GIT_HOOKS_DIR="$GIT_DIR/hooks"
+else
+  echo "ERROR: Not in the top-level directory of the git repository." >&2
+  exit 1
+fi
+
+SRC=$(realpath --relative-to "$GIT_HOOKS_DIR" conf/pre-commit)
+HOOK="$GIT_HOOKS_DIR"/pre-commit
 
 install_pre_commit_hook() {
   if [ -L "${HOOK}" ] && [ "$(readlink ${HOOK})" = "${SRC}" ]; then
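
Review bot: the `elif [ -e .git ]` branch uses the result of `awk '/gitdir:/ { print $2 }' .git` without validating it. If the `.git` file has no `gitdir:` line, `GIT_DIR` is empty and `GIT_HOOKS_DIR` becomes `/hooks`; `set -e` does not stop this, because awk still exits 0, so the script continues with that path. A gitdir path containing whitespace is also cut at the first space, since `$2` is a single field. Suggest exiting with an error unless `"$GIT_DIR/hooks"` is a directory, or asking git directly with `git rev-parse --git-path hooks`, which handles both the plain-repository and submodule layouts. `GIT_DIR` is also a name git itself reads from the environment, so a script-local name such as `gitdir` avoids surprises. Finally, `readlink ${HOOK}` in the trailing context line should be quoted now that the hook path is derived from file contents rather than a fixed string.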


=====================================
data/CVE/list
=====================================
@@ -7788,6 +7788,8 @@ CVE-2022-31213
 	RESERVED
 CVE-2022-31212
 	RESERVED
+	- dbus-broker <unfixed>
+	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2094718
 CVE-2022-31211
 	RESERVED
 CVE-2022-31210
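
Review bot: the added `- dbus-broker <unfixed>` line under CVE-2022-31212 has no Debian bug reference, and the CVE is still `RESERVED`, so the Red Hat Bugzilla `NOTE` is the only pointer to what the issue is. Once a Debian bug is filed, add it in the `(bug #<number>)` form used by the waitress entry later in this file, and add a `NOTE` for the upstream fix when one is available so the `<unfixed>` status can be re-checked.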
@@ -8147,10 +8149,13 @@ CVE-2022-31037
 	RESERVED
 CVE-2022-31036
 	RESERVED
+	NOT-FOR-US: Argo CD
 CVE-2022-31035
 	RESERVED
+	NOT-FOR-US: Argo CD
 CVE-2022-31034
 	RESERVED
+	NOT-FOR-US: Argo CD
 CVE-2022-31033 (The Mechanize library is used for automating interaction with websites ...)
 	- ruby-mechanize <unfixed>
 	NOTE: https://github.com/sparklemotion/mechanize/security/advisories/GHSA-64qm-hrgp-pgr9
@@ -8198,6 +8203,7 @@ CVE-2022-31017
 	RESERVED
 CVE-2022-31016
 	RESERVED
+	NOT-FOR-US: Argo CD
 CVE-2022-31015 (Waitress is a Web Server Gateway Interface server for Python 2 and 3.  ...)
 	- waitress <unfixed> (bug #1012315)
 	NOTE: https://github.com/Pylons/waitress/security/advisories/GHSA-f5x9-8jwc-25rw



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/52d4905b2b4018f3a32fb7648ef555e1d2c42166...fda71b541d09689c6f5a8ae7807321186d5f722f
