[Git][security-tracker-team/security-tracker][master] 3 commits: git: remove no-dsa tags for upcoming security update

Markus Koschany (@apo) apo at debian.org
Mon Oct 10 23:11:22 BST 2022 


Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3bbd9a8b by Markus Koschany at 2022-10-10T23:31:15+02:00
git: remove no-dsa tags for upcoming security update

- - - - -
6e0b134b by Markus Koschany at 2022-10-11T00:10:43+02:00
Merge branch 'master' of salsa.debian.org:security-tracker-team/security-tracker

- - - - -
45d963fa by Markus Koschany at 2022-10-11T00:11:12+02:00
Reserve DLA-3145-1 for git

- - - - -


2 changed files:

- data/CVE/list
- data/DLA/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -78707,7 +78707,6 @@ CVE-2021-3752 (A use-after-free flaw was found in the Linux kernel’s Bluet
 CVE-2021-40330 (git_connect_git in connect.c in Git before 2.30.1 allows a repository  ...)
 	- git 1:2.30.1-1
 	[bullseye] - git <no-dsa> (Minor issue)
-	[buster] - git <no-dsa> (Minor issue)
 	[stretch] - git <no-dsa> (Minor issue)
 	NOTE: https://github.com/git/git/commit/a02ea577174ab8ed18f847cf1693f213e0b9c473
 CVE-2021-40329 (The Authentication API in Ping Identity PingFederate before 10.3 misha ...)
@@ -127724,7 +127723,6 @@ CVE-2021-21301 (Wire is an open-source collaboration platform. In Wire for iOS (
 	NOT-FOR-US: Wire
 CVE-2021-21300 (Git is an open-source distributed revision control system. In affected ...)
 	- git 1:2.30.2-1 (bug #985120)
-	[buster] - git <no-dsa> (Minor issue)
 	[stretch] - git <no-dsa> (Minor issue)
 	NOTE: https://lore.kernel.org/git/xmqqim6019yd.fsf@gitster.c.googlers.com/
 	NOTE: Fixed by: https://git.kernel.org/pub/scm/git/git.git/commit/?h=v2.30.2&id=684dd4c2b414bcf648505e74498a608f28de4592


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[11 Oct 2022] DLA-3145-1 git - security update
+	{CVE-2021-21300 CVE-2021-40330}
+	[buster] - git 1:2.20.1-2+deb10u4
 [10 Oct 2022] DLA-3144-1 connman - security update
 	{CVE-2022-23096 CVE-2022-23097 CVE-2022-23098 CVE-2022-32293}
 	[buster] - connman 1.36-2.1~deb10u4



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/91bc9baff8f41f8eaf6ac1c85c2f9c2c7b11fe7f...45d963faf8eaaafa77007c60b9616a29354879f5

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/91bc9baff8f41f8eaf6ac1c85c2f9c2c7b11fe7f...45d963faf8eaaafa77007c60b9616a29354879f5
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20221010/ebb4a36e/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list