[Git][security-tracker-team/security-tracker][master] Reserve DLA-3502-1 for python-git
Sylvain Beucler (@beuc)
beuc at debian.org
Tue Jul 25 11:08:58 BST 2023
Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6d370503 by Sylvain Beucler at 2023-07-25T12:08:36+02:00
Reserve DLA-3502-1 for python-git
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -104259,7 +104259,6 @@ CVE-2022-24440 (The package cocoapods-downloader before 1.6.0, from 1.6.2 and be
CVE-2022-24439 (All versions of package gitpython are vulnerable to Remote Code Execut ...)
- python-git 3.1.30-1 (bug #1027163)
[bullseye] - python-git <no-dsa> (Minor issue)
- [buster] - python-git <no-dsa> (Minor issue)
NOTE: https://security.snyk.io/vuln/SNYK-PYTHON-GITPYTHON-3113858
NOTE: https://github.com/gitpython-developers/GitPython/commit/787359d80d80225095567340aa5e7ec01847fa9a (3.1.30)
NOTE: https://github.com/gitpython-developers/GitPython/commit/678a8fe08dd466fcfe8676294b52887955138960 (3.1.30)
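Review bot: with the `[buster] - python-git <no-dsa> (Minor issue)` line dropped, the unchanged `[bullseye] - python-git <no-dsa> (Minor issue)` line directly above it still marks bullseye as no-dsa for CVE-2022-24439, while this same commit records a buster fix in data/DLA/list. A buster system upgraded to bullseye would then move from a fixed python-git to an unfixed one, so the bullseye triage should be revisited, or a NOTE added here explaining why the newer release stays unfixed.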
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[25 Jul 2023] DLA-3502-1 python-git - security update
+ {CVE-2022-24439}
+ [buster] - python-git 2.1.11-1+deb10u1
[25 Jul 2023] DLA-3501-1 renderdoc - security update
{CVE-2023-33863 CVE-2023-33864 CVE-2023-33865}
[buster] - renderdoc 1.2+dfsg-2+deb10u1
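Review bot: the added `[buster] - python-git 2.1.11-1+deb10u1` line records the fix in a 2.1.11-based package, while the CVE-2022-24439 entry in data/CVE/list points at two upstream commits, both tagged (3.1.30). Neither this entry nor the commit message says whether both were backported. A NOTE under the CVE in data/CVE/list naming the commits carried by the buster upload would make the fixed status auditable.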
=====================================
data/dla-needed.txt
=====================================
@@ -124,9 +124,6 @@ pandoc (guilhem)
NOTE: 20230721: Discovered the upstream fix for CVE-2023-35936 was incomplete,
NOTE: 20230721: got in touch with them and requested a new CVE. (guilhem)
--
-python-git (Sylvain Beucler)
- NOTE: 20230724: Added by Front-Desk (apo)
---
python-glance-store
NOTE: 20230525: Added by Front-Desk (lamby)
NOTE: 20230525: NB. CVE-2023-2088 filed against python-glance-store, python-os-brick, nova and cinder.
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6d370503f40d83a7778cc08aab79ff9a73a856ec