[Git][security-tracker-team/security-tracker][master] Reserve DLA-3867-1 for git

Tue Sep 3 10:43:01 BST 2024


Sean Whitton pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9661906c by Sean Whitton at 2024-09-03T10:42:29+01:00
Reserve DLA-3867-1 for git

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -109948,7 +109948,6 @@ CVE-2023-29007 (Git is a revision control system. Prior to versions 2.30.9, 2.31
 	{DLA-3844-1}
 	- git 1:2.40.1-1 (bug #1034835)
 	[bookworm] - git <no-dsa> (Minor issue)
-	[bullseye] - git <no-dsa> (Minor issue)
 	NOTE: https://lore.kernel.org/lkml/xmqqa5yv3n93.fsf@gitster.g/
 	NOTE: https://github.com/git/git/commit/29198213c9163c1d552ee2bdbf78d2b09ccc98b8 (v2.30.9)
 	NOTE: https://github.com/git/git/commit/a5bb10fd5e74101e7c07da93e7c32bbe60f6173a (v2.30.9)
@@ -119838,7 +119837,6 @@ CVE-2023-25815 (In Git for Windows, the Windows port of Git, no localized messag
 	{DLA-3844-1}
 	- git 1:2.40.1-1 (bug #1034835)
 	[bookworm] - git <no-dsa> (Minor issue)
-	[bullseye] - git <no-dsa> (Minor issue)
 	NOTE: https://lore.kernel.org/lkml/xmqqa5yv3n93.fsf@gitster.g/
 	NOTE: https://github.com/git/git/commit/c4137be0f5a6edf9a9044e6e43ecf4468c7a4046 (v2.30.9)
 CVE-2023-25814 (metersphere is an open source continuous testing platform. In versions ...)
@@ -120651,7 +120649,6 @@ CVE-2023-25652 (Git is a revision control system. Prior to versions 2.30.9, 2.31
 	{DLA-3844-1}
 	- git 1:2.40.1-1 (bug #1034835)
 	[bookworm] - git <no-dsa> (Minor issue)
-	[bullseye] - git <no-dsa> (Minor issue)
 	NOTE: https://lore.kernel.org/lkml/xmqqa5yv3n93.fsf@gitster.g/
 	NOTE: https://github.com/git/git/commit/9db05711c98efc14f414d4c87135a34c13586e0b (v2.30.9)
 CVE-2023-25651 (There is a SQL injection vulnerability in some ZTE mobile internetprod ...)


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[03 Sep 2024] DLA-3867-1 git - security update
+	{CVE-2019-1387 CVE-2023-25652 CVE-2023-25815 CVE-2023-29007 CVE-2024-32002 CVE-2024-32004 CVE-2024-32021 CVE-2024-32465}
+	[bullseye] - git 1:2.30.2-1+deb11u3
 [03 Sep 2024] DLA-3866-1 ruby-tzinfo - security update
 	{CVE-2022-31163}
 	[bullseye] - ruby-tzinfo 1.2.6-1+deb11u1


=====================================
data/dla-needed.txt
=====================================
@@ -93,16 +93,6 @@ ghostscript (abhijith)
   NOTE: 20240815: A bookworm DSA is planned
   NOTE: 20240815: Coordinate bullseye update with carnil (Beuc/front-desk)
 --
-git (Sean Whitton)
-  NOTE: 20240522: Added by oldstable Security Team (jmm)
-  NOTE: 20240525: Maintainer is queried to prepare an update (carnil)
-  NOTE: 20240617: Maintainer prepared bookworm update, bullseye not yet done (carnil)
-  NOTE: 20240815: A bookworm DSA is planned
-  NOTE: 20240815: coordinate bullseye DLA with maintainer (Beuc/front-desk)
-  NOTE: 20240816: waiting for fixed git to migrate in testing, cf. dsa-needed.txt (Beuc/front-desk)
-  NOTE: 20240825: Update has been finished & waiting for LTS uploads to open
-  NOTE: 20240825: since 17th. (spwhitton)
---
 glance (Thomas Goirand)
   NOTE: 20240704: Added by oldstable Security Team (carnil)
   NOTE: 20240815: A bookworm DSA is planned (Beuc/front-desk)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9661906c839d6de47cb3ddea3bb38803f33f6b43

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9661906c839d6de47cb3ddea3bb38803f33f6b43
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240903/8444e255/attachment-0001.htm>
