[Git][security-tracker-team/security-tracker][master] 3 commits: Revert "setup-repo: ensure hooks directory exists"
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Jul 8 08:16:57 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
bd9fa4e1 by Salvatore Bonaccorso at 2023-07-08T09:05:31+02:00
Revert "setup-repo: ensure hooks directory exists"
This reverts commit e57c301b2c5ad6d664d964aa961e2edfb6c6e4cc.
Reasoning for the revert: At the point of mkdir -p "$GIT_HOOKS_DIR" we had
already done several operations on ${HOOK}. So ensuring the directory exists
seems likely to need to be done earlier. What concrete case led to this
change?
- - - - -
5f5c75cd by Salvatore Bonaccorso at 2023-07-08T09:09:42+02:00
Add reference to pull request for CVE-2023-36830/sqlfluff
- - - - -
7674de2c by Salvatore Bonaccorso at 2023-07-08T09:16:09+02:00
Track fixed version for CVE-2023-35934/yt-dlp
- - - - -
2 changed files:
- bin/setup-repo
- data/CVE/list
Changes:
=====================================
bin/setup-repo
=====================================
@@ -30,7 +30,6 @@ install_pre_commit_hook() {
fi
echo "Installing pre-commit hook"
- mkdir -p "$GIT_HOOKS_DIR"
ln -s "${SRC}" "${HOOK}"
}
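Review bot: After this revert, the `ln -s "${SRC}" "${HOOK}"` line is the only remaining step that touches the hooks directory and it is unguarded; if `$GIT_HOOKS_DIR` is absent (the case the reverted commit presumably addressed), `ln -s` fails with "No such file or directory" and, without a check on its exit status, the function still reports "Installing pre-commit hook" as if it succeeded. Whatever the earlier operations on `${HOOK}` are, they are not visible in this hunk, so the hunk alone cannot show that they guarantee the directory exists. Suggest either keeping a directory check before the symlink, e.g. `[ -d "$GIT_HOOKS_DIR" ] || { echo "missing $GIT_HOOKS_DIR" >&2; return 1; }`, or at least `ln -s "${SRC}" "${HOOK}" || return 1`, and recording the concrete failing case in the commit message so the revert does not silently reintroduce it.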
=====================================
data/CVE/list
=====================================
@@ -168,6 +168,7 @@ CVE-2023-36830 (SQLFluff is a SQL linter. Prior to version 2.1.2, in environment
- sqlfluff <unfixed>
[bookworm] - sqlfluff <no-dsa> (Minor issue)
NOTE: https://github.com/sqlfluff/sqlfluff/security/advisories/GHSA-jqhc-m2j3-fjrx
+ NOTE: https://github.com/sqlfluff/sqlfluff/pull/4925
CVE-2023-36823 (Sanitize is an allowlist-based HTML and CSS sanitizer. Using carefully ...)
- ruby-sanitize <unfixed>
NOTE: https://github.com/rgrove/sanitize/commit/76ed46e6dc70820f38efe27de8dabd54dddb5220 (v6.0.2)
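Review bot: The added NOTE for sqlfluff points at pull request 4925 but the entry stays `sqlfluff <unfixed>`, and the note does not say whether the PR is the fix or merely related discussion. The neighbouring ruby-sanitize entry shows the file's convention of tagging the fixing commit with the release it landed in, `(v6.0.2)`; if PR 4925 is the fix for CVE-2023-36830, suggest annotating it the same way once merged and released (the advisory text mentions "Prior to version 2.1.2"), so the `<unfixed>` marker can be resolved against a concrete upstream version.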
@@ -191,7 +192,7 @@ CVE-2023-35948 (Novu provides an API for sending notifications through multiple
CVE-2023-35937 (Metersphere is an open source continuous testing platform. In versions ...)
NOT-FOR-US: Metersphere
CVE-2023-35934 (yt-dlp is a command-line program to download videos from video sites. ...)
- - yt-dlp <unfixed> (bug #1040595)
+ - yt-dlp 2023.07.06-1 (bug #1040595)
[bookworm] - yt-dlp <no-dsa> (Minor issue)
[bullseye] - yt-dlp <no-dsa> (Minor issue)
NOTE: https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-v8mc-9377-rwjj
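Review bot: The yt-dlp entry now records `2023.07.06-1` as the fixed Debian version, but the only reference is the GHSA advisory; there is no upstream commit or release tag alongside it, as the ruby-sanitize entry in the previous hunk provides. Suggest adding the upstream fix commit or the yt-dlp release that contains it as a second NOTE, so that the claim that 2023.07.06-1 includes the fix can be verified from the tracker entry, and so the `<no-dsa> (Minor issue)` decisions for bookworm and bullseye can be revisited against a concrete patch if needed.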
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/05c027116d32666424ddc4a3691af9547473c826...7674de2c562e48838b32d777e98dde331850765c