[Git][security-tracker-team/security-tracker][master] Add CVE-2024-22190/python-git

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Jan 11 08:52:44 GMT 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
29199c62 by Salvatore Bonaccorso at 2024-01-11T09:51:09+01:00
Add CVE-2024-22190/python-git

Decided to mark it as not-affected instead of unfixed + unimportant as
this only affects the search path issue on Windows, so we can handle it
similarly as the not-affected entries for firefox, thunderbird et al
when only beeing a problem on Windows plattform.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5,7 +5,10 @@ CVE-2024-22195 (Jinja is an extensible templating engine. Special placeholders i
 CVE-2024-22194 (cdo-local-uuid project provides a specialized UUID-generating function ...)
 	TODO: check
 CVE-2024-22190 (GitPython is a python library used to interact with Git repositories.  ...)
-	TODO: check
+	- python-git <not-affected> (Only affects Windows)
+	NOTE: https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx
+	NOTE: https://github.com/gitpython-developers/GitPython/pull/1792
+	NOTE: https://github.com/gitpython-developers/GitPython/commit/ef3192cc414f2fd9978908454f6fd95243784c7f (3.1.41)
 CVE-2024-21833 (Multiple TP-LINK products allow a network-adjacent unauthenticated att ...)
 	TODO: check
 CVE-2024-21821 (Multiple TP-LINK products allow a network-adjacent authenticated attac ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/29199c62bba5582013e77f69eef01c9b3a188ee8

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/29199c62bba5582013e77f69eef01c9b3a188ee8
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240111/54035d0f/attachment.htm>

More information about the debian-security-tracker-commits mailing list