[Git][security-tracker-team/security-tracker][master] Reserve DLA-3303-1 for ruby-git

Utkarsh Gupta (@utkarsh) utkarsh at debian.org
Mon Jan 30 22:20:35 GMT 2023



Utkarsh Gupta pushed to branch master at Debian Security Tracker / security-tracker


Commits:
be53887b by Utkarsh Gupta at 2023-01-31T03:50:15+05:30
Reserve DLA-3303-1 for ruby-git

- - - - -


2 changed files:

- data/CVE/list
- data/DLA/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -74099,7 +74099,6 @@ CVE-2022-25758 (All versions of package scss-tokenizer are vulnerable to Regular
 CVE-2022-25648 (The package git before 1.11.0 are vulnerable to Command Injection via  ...)
 	- ruby-git 1.13.1-1 (bug #1009926)
 	[bullseye] - ruby-git <no-dsa> (Minor issue)
-	[buster] - ruby-git <no-dsa> (Minor issue)
 	NOTE: https://github.com/ruby-git/ruby-git/pull/569
 	NOTE: Fixed by: https://github.com/ruby-git/ruby-git/commit/291ca0946bec7164b90ad5c572ac147f512c7159 (v1.11.0)
 	NOTE: https://security.snyk.io/vuln/SNYK-RUBY-GIT-2421270


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[31 Jan 2023] DLA-3303-1 ruby-git - security update
+	{CVE-2022-25648 CVE-2022-46648 CVE-2022-47318}
+	[buster] - ruby-git 1.2.8-1+deb10u1
 [31 Jan 2023] DLA-3302-1 nova - security update
 	{CVE-2022-47951}
 	[buster] - nova 2:18.1.0-6+deb10u2



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/be53887be480c3bd0a4af216f8dee8d5c5719ae1

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/be53887be480c3bd0a4af216f8dee8d5c5719ae1
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230130/922b5b75/attachment.htm>


More information about the debian-security-tracker-commits mailing list