[Git][security-tracker-team/security-tracker][master] Reserve DLA-3340-1 for libgit2
Tobias Frost (@tobi)
tobi at debian.org
Thu Feb 23 20:21:10 GMT 2023
Tobias Frost pushed to branch master at Debian Security Tracker / security-tracker
Commits:
045a0647 by Tobias Frost at 2023-02-23T21:20:46+01:00
Reserve DLA-3340-1 for libgit2
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -212946,13 +212946,11 @@ CVE-2020-12280 (iSmartgate PRO 1.5.9 is vulnerable to CSRF that allows remote at
CVE-2020-12279 (An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99. ...)
{DLA-2936-1}
- libgit2 0.28.4+dfsg.1-2
- [buster] - libgit2 <no-dsa> (Minor issue; only problematic when used on NTFS like filesystem)
[jessie] - libgit2 <no-dsa> (Minor issue; only problematic when used on NTFS like filesystem)
NOTE: https://github.com/libgit2/libgit2/commit/64c612cc3e25eff5fb02c59ef5a66ba7a14751e4
CVE-2020-12278 (An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99. ...)
{DLA-2936-1}
- libgit2 0.28.4+dfsg.1-2
- [buster] - libgit2 <no-dsa> (Minor issue; only problematic when used on NTFS like filesystem)
[jessie] - libgit2 <no-dsa> (Minor issue; only problematic when used on NTFS like filesystem)
NOTE: https://github.com/libgit2/libgit2/commit/3f7851eadca36a99627ad78cbe56a40d3776ed01
NOTE: https://github.com/libgit2/libgit2/commit/e1832eb20a7089f6383cfce474f213157f5300cb
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[23 Feb 2023] DLA-3340-1 libgit2 - security update
+ {CVE-2020-12278 CVE-2020-12279 CVE-2023-22742}
+ [buster] - libgit2 0.27.7+dfsg.1-0.2+deb10u1
[23 Feb 2023] DLA-3339-1 binwalk - security update
{CVE-2022-4510}
[buster] - binwalk 2.1.2~git20180830+dfsg1-1+deb10u1
=====================================
data/dla-needed.txt
=====================================
@@ -123,11 +123,6 @@ libapache2-mod-auth-mellon (Utkarsh)
NOTE: 20230206: VCS: https://salsa.debian.org/lts-team/packages/libapache2-mod-auth-mellon.git
NOTE: 20230220: upload prepped, testing remains. (utkarsh)
--
-libgit2 (tobi)
- NOTE: 20230126: Programming language: C.
- NOTE: 20230126: VCS: https://salsa.debian.org/debian/libgit2.git
- NOTE: 20230126: Please fix also CVE-2020* (gladk).
---
libreoffice
NOTE: 20221012: Programming language: C++.
NOTE: 20230111: VCS: https://salsa.debian.org/lts-team/packages/libreoffice.git
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/045a06470e21163b35d977a0061b8d9c15890052
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/045a06470e21163b35d977a0061b8d9c15890052
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230223/0db7dd65/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list