[Git][security-tracker-team/security-tracker][master] Reserve DLA-3303-1 for ruby-git
Utkarsh Gupta (@utkarsh)
utkarsh at debian.org
Mon Jan 30 22:20:35 GMT 2023
Utkarsh Gupta pushed to branch master at Debian Security Tracker / security-tracker
Commits:
be53887b by Utkarsh Gupta at 2023-01-31T03:50:15+05:30
Reserve DLA-3303-1 for ruby-git
- - - - -
2 changed files:
- data/CVE/list
- data/DLA/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -74099,7 +74099,6 @@ CVE-2022-25758 (All versions of package scss-tokenizer are vulnerable to Regular
CVE-2022-25648 (The package git before 1.11.0 are vulnerable to Command Injection via ...)
- ruby-git 1.13.1-1 (bug #1009926)
[bullseye] - ruby-git <no-dsa> (Minor issue)
- [buster] - ruby-git <no-dsa> (Minor issue)
NOTE: https://github.com/ruby-git/ruby-git/pull/569
NOTE: Fixed by: https://github.com/ruby-git/ruby-git/commit/291ca0946bec7164b90ad5c572ac147f512c7159 (v1.11.0)
NOTE: https://security.snyk.io/vuln/SNYK-RUBY-GIT-2421270
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[31 Jan 2023] DLA-3303-1 ruby-git - security update
+ {CVE-2022-25648 CVE-2022-46648 CVE-2022-47318}
+ [buster] - ruby-git 1.2.8-1+deb10u1
[31 Jan 2023] DLA-3302-1 nova - security update
{CVE-2022-47951}
[buster] - nova 2:18.1.0-6+deb10u2
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/be53887be480c3bd0a4af216f8dee8d5c5719ae1
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/be53887be480c3bd0a4af216f8dee8d5c5719ae1
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230130/922b5b75/attachment.htm>
More information about the debian-security-tracker-commits
mailing list