[Git][security-tracker-team/security-tracker][master] CVE-2024-32004/git: Document more details about the breaking change commit
Adrian Bunk (@bunk)
bunk at debian.org
Fri Oct 4 11:32:37 BST 2024
Adrian Bunk pushed to branch master at Debian Security Tracker / security-tracker
Commits:
abd8697e by Adrian Bunk at 2024-10-04T13:27:48+03:00
CVE-2024-32004/git: Document more details about the breaking change commit
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -37535,6 +37535,10 @@ CVE-2024-32004 (Git is a revision control system. Prior to versions 2.45.1, 2.44
NOTE: https://github.com/git/git/commit/f4aa8c8bb11dae6e769cd930565173808cbb69c8
NOTE: https://github.com/git/git/commit/7b70e9efb18c2cc3f219af399bd384c5801ba1d7
NOTE: Regression: https://lore.kernel.org/git/924426.1716570031@dash.ant.isi.edu/T/#u
+ NOTE: fcgiwrap (autopkgtest-only issue) and ikiwiki-hosting were broken
+ NOTE: by the "detect dubious ownership" commit and fixed in >= bookworm.
+ NOTE: The "detect dubious ownership" commit was not backported to <= bullseye:
+ NOTE: https://lists.debian.org/debian-lts/2024/05/msg00017.html
CVE-2024-32002 (Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2. ...)
{DSA-5769-1 DLA-3867-1 DLA-3844-1}
- git 1:2.45.1-1 (bug #1071160)
=====================================
data/dla-needed.txt
=====================================
@@ -82,11 +82,6 @@ exim4 (Markus Koschany)
NOTE: 20240815: Consider fixing older postponed CVEs as well (Beuc/front-desk)
NOTE: 20240923: Currently testing the update. (apo)
--
-fcgiwrap (Adrian Bunk)
- NOTE: 20241002: Added by Front-Desk (Beuc)
- NOTE: 20241002: Assess and handle breaking changes from Git DLA, cf.
- NOTE: 20241002: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1081035 (Beuc/front-desk)
---
ffmpeg (Markus Koschany)
NOTE: 20240815: Added by Front-Desk (Beuc)
NOTE: 20240815: Upgrade to 4.3.8 (same approach as DSA-5748-1) (Beuc/front-desk)
@@ -118,11 +113,6 @@ glewlwyd
NOTE: 20240815: pu scheduled https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1007884
NOTE: 20240815: maintainer (babelouest) plans to do a LTS upload as well (Beuc/front-desk)
--
-ikiwiki-hosting
- NOTE: 20241002: Added by Front-Desk (Beuc)
- NOTE: 20241002: Assess and handle breaking changes from Git DLA, cf.
- NOTE: 20241002: https://lists.debian.org/debian-stable-announce/2024/09/msg00000.html (Beuc/front-desk)
---
intel-mediasdk
NOTE: 20240922: Added by Front-Desk (apo)
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/abd8697e51c9fa818a14b16b5c4c8b179ae682b3
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/abd8697e51c9fa818a14b16b5c4c8b179ae682b3
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241004/3900e117/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list