[Git][security-tracker-team/security-tracker][master] CVE-2024-32004/git: Document more details about the breaking change commit

Adrian Bunk (@bunk) bunk at debian.org
Fri Oct 4 11:32:37 BST 2024



Adrian Bunk pushed to branch master at Debian Security Tracker / security-tracker


Commits:
abd8697e by Adrian Bunk at 2024-10-04T13:27:48+03:00
CVE-2024-32004/git: Document more details about the breaking change commit

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -37535,6 +37535,10 @@ CVE-2024-32004 (Git is a revision control system. Prior to versions 2.45.1, 2.44
 	NOTE: https://github.com/git/git/commit/f4aa8c8bb11dae6e769cd930565173808cbb69c8
 	NOTE: https://github.com/git/git/commit/7b70e9efb18c2cc3f219af399bd384c5801ba1d7
 	NOTE: Regression: https://lore.kernel.org/git/924426.1716570031@dash.ant.isi.edu/T/#u
+	NOTE: fcgiwrap (autopkgtest-only issue) and ikiwiki-hosting were broken
+	NOTE: by the "detect dubious ownership" commit and fixed in >= bookworm.
+	NOTE: The "detect dubious ownership" commit was not backported to <= bullseye:
+	NOTE: https://lists.debian.org/debian-lts/2024/05/msg00017.html
 CVE-2024-32002 (Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2. ...)
 	{DSA-5769-1 DLA-3867-1 DLA-3844-1}
 	- git 1:2.45.1-1 (bug #1071160)
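
Review bot: the added NOTE lines refer to the "detect dubious ownership" commit by name only, so a reader cannot tell which of the commit URLs listed in the NOTE lines above is meant. Consider naming the commit hash in the note or placing the note directly under that commit's URL. "fixed in >= bookworm" would also be easier to verify with the fixed package versions for fcgiwrap and ikiwiki-hosting.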


=====================================
data/dla-needed.txt
=====================================
@@ -82,11 +82,6 @@ exim4 (Markus Koschany)
   NOTE: 20240815: Consider fixing older postponed CVEs as well (Beuc/front-desk)
   NOTE: 20240923: Currently testing the update. (apo)
 --
-fcgiwrap (Adrian Bunk)
-  NOTE: 20241002: Added by Front-Desk (Beuc)
-  NOTE: 20241002: Assess and handle breaking changes from Git DLA, cf.
-  NOTE: 20241002: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1081035 (Beuc/front-desk)
---
 ffmpeg (Markus Koschany)
   NOTE: 20240815: Added by Front-Desk (Beuc)
   NOTE: 20240815: Upgrade to 4.3.8 (same approach as DSA-5748-1) (Beuc/front-desk)
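
Review bot: the removal of the fcgiwrap entry is not covered by the commit subject, which only speaks of documenting details for CVE-2024-32004. Consider a line in the commit message body saying the entry is dropped because the breaking commit was not backported to <= bullseye. The reference to https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1081035 also disappears with this entry; the new NOTE in data/CVE/list mentions fcgiwrap without it, so adding the bug link there would keep the trail.
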
@@ -118,11 +113,6 @@ glewlwyd
   NOTE: 20240815: pu scheduled https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1007884
   NOTE: 20240815: maintainer (babelouest) plans to do a LTS upload as well (Beuc/front-desk)
 --
-ikiwiki-hosting
-  NOTE: 20241002: Added by Front-Desk (Beuc)
-  NOTE: 20241002: Assess and handle breaking changes from Git DLA, cf.
-  NOTE: 20241002: https://lists.debian.org/debian-stable-announce/2024/09/msg00000.html (Beuc/front-desk)
---
 intel-mediasdk
   NOTE: 20240922: Added by Front-Desk (apo)
 --
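
Review bot: the removed ikiwiki-hosting entry carried the link to https://lists.debian.org/debian-stable-announce/2024/09/msg00000.html, while the NOTE lines added to data/CVE/list cite only the debian-lts message, so that reference is no longer present in the tracker data shown here. Consider adding it as a further NOTE under CVE-2024-32004 next to the ikiwiki-hosting remark.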



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/abd8697e51c9fa818a14b16b5c4c8b179ae682b3
