[Git][security-tracker-team/security-tracker][master] Reserve DSA-5332-1 for git

Sun Jan 29 07:00:59 GMT 2023


Aron Xu pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7a81e0fb by Aron Xu at 2023-01-29T15:00:36+08:00
Reserve DSA-5332-1 for git

- - - - -


3 changed files:

- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -35492,7 +35492,6 @@ CVE-2022-39261 (Twig is a template language for PHP. Versions 1.x prior to 1.44.
 CVE-2022-39260 (Git is an open source, scalable, distributed revision control system.  ...)
 	{DLA-3239-1}
 	- git 1:2.38.1-1 (bug #1022046)
-	[bullseye] - git <no-dsa> (Minor issue)
 	NOTE: https://www.openwall.com/lists/oss-security/2022/10/18/5
 	NOTE: https://lore.kernel.org/git/xmqq4jw1uku5.fsf@gitster.g/T/#u
 	NOTE: https://github.com/git/git/commit/32696a4cbe90929ae79ea442f5102c513ce3dfaa (v2.30.6)
@@ -35516,7 +35515,6 @@ CVE-2022-39254 (matrix-nio is a Python Matrix client library, designed according
 CVE-2022-39253 (Git is an open source, scalable, distributed revision control system.  ...)
 	{DLA-3239-1}
 	- git 1:2.38.1-1 (bug #1022046)
-	[bullseye] - git <no-dsa> (Minor issue)
 	NOTE: https://www.openwall.com/lists/oss-security/2022/10/18/5
 	NOTE: https://lore.kernel.org/git/xmqq4jw1uku5.fsf@gitster.g/T/#u
 	NOTE: https://github.com/git/git/commit/6f054f9fb3a501c35b55c65e547a244f14c38d56 (v2.30.6)
@@ -64008,7 +64006,6 @@ CVE-2022-29188 (Smokescreen is an HTTP proxy. The primary use case for Smokescre
 CVE-2022-29187 (Git is a distributed revision control system. Git prior to versions 2. ...)
 	{DLA-3239-1}
 	- git 1:2.37.2-1 (bug #1014848)
-	[bullseye] - git <no-dsa> (Minor issue)
 	NOTE: https://lists.q42.co.uk/pipermail/git-announce/2022-July/001250.html
 	NOTE: https://github.com/git/git/commit/3b0bf2704980b1ed6018622bdf5377ec22289688 (v2.30.5)
 	NOTE: https://github.com/git/git/commit/ae9abbb63eea74441e3e8b153dc6ec1f94c373b4 (v2.30.5) (regression)
@@ -76899,7 +76896,6 @@ CVE-2022-24766 (mitmproxy is an interactive, SSL/TLS-capable intercepting proxy.
 CVE-2022-24765 (Git for Windows is a fork of Git containing Windows-specific patches.  ...)
 	{DLA-3239-1}
 	- git 1:2.35.2-1
-	[bullseye] - git <no-dsa> (Minor issue)
 	[stretch] - git <no-dsa> (Minor issue)
 	NOTE: https://github.com/git/git/commit/6e7ad1e4c22e7038975ba37c7413374fe566b064 (v2.30.3)
 	NOTE: https://github.com/git/git/commit/bdc77d1d685be9c10b88abb281a42bc620548595 (v2.30.3)


=====================================
data/DSA/list
=====================================
@@ -1,3 +1,6 @@
+[29 Jan 2023] DSA-5332-1 git - security update
+	{CVE-2022-23521 CVE-2022-24765 CVE-2022-29187 CVE-2022-39253 CVE-2022-39260 CVE-2022-41903}
+	[bullseye] - git 1:2.30.2-1+deb11u1
 [28 Jan 2023] DSA-5331-1 openjdk-11 - security update
 	{CVE-2022-21619 CVE-2022-21624 CVE-2022-21626 CVE-2022-21628 CVE-2022-39399 CVE-2023-21835 CVE-2023-21843}
 	[bullseye] - openjdk-11 11.0.18+10-1~deb11u1


=====================================
data/dsa-needed.txt
=====================================
@@ -14,8 +14,6 @@ If needed, specify the release by adding a slash after the name of the source pa
 --
 frr
 --
-git (aron)
---
 jupyter-core
   Maintainer asked for availability to prepare updates
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7a81e0fb8bc72244e0d64eb092e2bd5b6d3da894

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7a81e0fb8bc72244e0d64eb092e2bd5b6d3da894
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230129/822f987c/attachment.htm>
