[Git][security-tracker-team/security-tracker][master] Reserve DLA-2936-1 for libgit2
Utkarsh Gupta (@utkarsh)
utkarsh at debian.org
Mon Mar 7 13:44:42 GMT 2022
Utkarsh Gupta pushed to branch master at Debian Security Tracker / security-tracker
Commits:
14218b36 by Utkarsh Gupta at 2022-03-07T19:14:25+05:30
Reserve DLA-2936-1 for libgit2
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -233824,7 +233824,6 @@ CVE-2018-15502 (Insecure permissions in Lone Wolf Technologies loadingDOCS 2018-
CVE-2018-15501 (In ng_pkt in transports/smart_pkt.c in libgit2 before 0.26.6 and 0.27. ...)
{DLA-1477-1}
- libgit2 0.27.4+dfsg.1-0.1 (low)
- [stretch] - libgit2 <no-dsa> (Minor issue)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9406
NOTE: https://github.com/libgit2/libgit2/commit/1f9a8510e1d2f20ed7334eeeddb92c4dd8e7c649
CVE-2018-15500
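Review bot: at CVE-2018-15501 the "[stretch] - libgit2 <no-dsa> (Minor issue)" line is dropped, but the entry's only advisory tag is still "{DLA-1477-1}", so nothing inside data/CVE/list ties this CVE to the new advisory. The stretch fix is recorded solely through the CVE set in data/DLA/list. After the push, check that the tracker reports stretch as fixed in 0.25.1+really0.24.6-1+deb9u1 for this CVE rather than as still open.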
@@ -246288,12 +246287,10 @@ CVE-2018-10889 (A flaw was found in moodle before versions 3.5.1, 3.4.4, 3.3.7.
CVE-2018-10888 (A flaw was found in libgit2 before version 0.27.3. A missing check in ...)
{DLA-1477-1}
- libgit2 0.27.4+dfsg.1-0.1 (low; bug #903508)
- [stretch] - libgit2 <no-dsa> (Minor issue)
NOTE: https://github.com/libgit2/libgit2/commit/9844d38bed10e9ff17174434b3421b227ae710f3
CVE-2018-10887 (A flaw was found in libgit2 before version 0.27.3. It has been discove ...)
{DLA-1477-1}
- libgit2 0.27.4+dfsg.1-0.1 (low; bug #903509)
- [stretch] - libgit2 <no-dsa> (Minor issue)
NOTE: https://github.com/libgit2/libgit2/commit/3f461902dc1072acb8b7607ee65d0a0458ffac2a
NOTE: https://github.com/libgit2/libgit2/commit/c1577110467b701dcbcf9439ac225ea851b47d22
CVE-2018-XXXX [Incomplete fix for CVE-2018-10886]
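Review bot: CVE-2018-10887 carries two upstream fix commits in its NOTE lines (3f461902... and c1577110...), and removing its "<no-dsa>" line asserts that stretch has the complete fix. Confirm that both commits, and the single commit 9844d38b... listed for CVE-2018-10888, are among the patches in the stretch upload, since a partial backport would leave the entry marked fixed while the issue remains.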
@@ -253394,13 +253391,11 @@ CVE-2018-8100 (The JPXStream::readTilePart function in JPXStream.cc in xpdf 4.00
CVE-2018-8099 (Incorrect returning of an error code in the index.c:read_entry() funct ...)
[experimental] - libgit2 0.27.0+dfsg.1-0.1
- libgit2 0.27.0+dfsg.1-0.6 (low; bug #892962)
- [stretch] - libgit2 <no-dsa> (Minor issue)
[jessie] - libgit2 <no-dsa> (Minor issue)
NOTE: https://github.com/libgit2/libgit2/commit/58a6fe94cb851f71214dbefac3f9bffee437d6fe
CVE-2018-8098 (Integer overflow in the index.c:read_entry() function while decompress ...)
[experimental] - libgit2 0.27.0+dfsg.1-0.1
- libgit2 0.27.0+dfsg.1-0.6 (low; bug #892961)
- [stretch] - libgit2 <no-dsa> (Minor issue)
[jessie] - libgit2 <no-dsa> (Minor issue)
NOTE: https://github.com/libgit2/libgit2/commit/3207ddb0103543da8ad2139ec6539f590f9900c1
NOTE: https://github.com/libgit2/libgit2/commit/3db1af1f370295ad5355b8f64b865a2a357bcac0
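Review bot: for CVE-2018-8099 and CVE-2018-8098 only the "[stretch]" line is removed, and "[jessie] - libgit2 <no-dsa> (Minor issue)" stays in both entries. That matches the advisory, which lists only [stretch], but it leaves the same two issues rated "Minor issue" for one release and fixed by a security update for the other. If jessie is deliberately out of scope here, a short NOTE saying so would save the next triager from re-checking.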
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[07 Mar 2022] DLA-2936-1 libgit2 - security update
+ {CVE-2018-8098 CVE-2018-8099 CVE-2018-10887 CVE-2018-10888 CVE-2018-15501}
+ [stretch] - libgit2 0.25.1+really0.24.6-1+deb9u1
[07 Mar 2022] DLA-2935-1 expat - security update
{CVE-2022-23852 CVE-2022-25235 CVE-2022-25236 CVE-2022-25313 CVE-2022-25315}
[stretch] - expat 2.2.0-2+deb9u5
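Review bot: the "[stretch]" line gives the fixed version as 0.25.1+really0.24.6-1+deb9u1, which by the "+really" convention is a 0.24.6 code base, well below the 0.26.6 and 0.27.3 releases that the CVE descriptions in data/CVE/list name as fixed. The fixes must therefore be backported patches, and the commit message does not say so. Suggest mentioning that in the advisory text or a NOTE. The CVE set itself is consistent: its five identifiers are exactly the five entries that lose their stretch "<no-dsa>" line in data/CVE/list.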
=====================================
data/dla-needed.txt
=====================================
@@ -55,10 +55,6 @@ kcron
libarchive (Thorsten Alteholz)
NOTE: 20220225: fix seems to be incomplete
--
-libgit2 (Utkarsh)
- NOTE: 20220208: got clearance. will upload this week. (utkarsh)
- NOTE: 20220221: had been severely ill the past week. shall get it done soon. (utkarsh)
---
linux (Ben Hutchings)
--
linux-4.19 (Ben Hutchings)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/14218b36bb0c568fac9d4033c0fe9a769bcfb203