[Git][security-tracker-team/security-tracker][master] Reserve DSA number for git update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Sep 13 20:39:18 BST 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
29e1ebf8 by Salvatore Bonaccorso at 2024-09-13T21:38:55+02:00
Reserve DSA number for git update

- - - - -


3 changed files:

- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -112524,7 +112524,6 @@ CVE-2023-29008 (The SvelteKit framework offers developers an option to create si
 CVE-2023-29007 (Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2. ...)
 	{DLA-3867-1 DLA-3844-1}
 	- git 1:2.40.1-1 (bug #1034835)
-	[bookworm] - git <no-dsa> (Minor issue)
 	NOTE: https://lore.kernel.org/lkml/xmqqa5yv3n93.fsf@gitster.g/
 	NOTE: https://github.com/git/git/commit/29198213c9163c1d552ee2bdbf78d2b09ccc98b8 (v2.30.9)
 	NOTE: https://github.com/git/git/commit/a5bb10fd5e74101e7c07da93e7c32bbe60f6173a (v2.30.9)
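Review bot: In the CVE-2023-29007 entry the cross-reference line `{DLA-3867-1 DLA-3844-1}` is left unchanged while `[bookworm] - git <no-dsa> (Minor issue)` is dropped, so after this hunk the entry itself says nothing about bookworm and relies entirely on the DSA-5769-1 record added to data/DSA/list in the same commit. If the cross-reference is not regenerated automatically, add DSA-5769-1 to the braces here; the same applies to the CVE-2023-25815 and CVE-2023-25652 entries in the following hunks.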
@@ -122415,7 +122414,6 @@ CVE-2023-25816 (Nextcloud is an Open Source private cloud software. Versions 25.
 CVE-2023-25815 (In Git for Windows, the Windows port of Git, no localized messages are ...)
 	{DLA-3867-1 DLA-3844-1}
 	- git 1:2.40.1-1 (bug #1034835)
-	[bookworm] - git <no-dsa> (Minor issue)
 	NOTE: https://lore.kernel.org/lkml/xmqqa5yv3n93.fsf@gitster.g/
 	NOTE: https://github.com/git/git/commit/c4137be0f5a6edf9a9044e6e43ecf4468c7a4046 (v2.30.9)
 CVE-2023-25814 (metersphere is an open source continuous testing platform. In versions ...)
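Review bot: The summary line for CVE-2023-25815 describes it as an issue "In Git for Windows, the Windows port of Git", yet this hunk removes its bookworm `<no-dsa>` marker so that it is counted among the issues fixed by the DSA. That matches the existing `- git 1:2.40.1-1 (bug #1034835)` line, but a short NOTE stating why the Debian package is treated as affected would save readers from having to follow the linked commit to find out.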
@@ -123227,7 +123225,6 @@ CVE-2023-25653 (node-jose is a JavaScript implementation of the JSON Object Sign
 CVE-2023-25652 (Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2. ...)
 	{DLA-3867-1 DLA-3844-1}
 	- git 1:2.40.1-1 (bug #1034835)
-	[bookworm] - git <no-dsa> (Minor issue)
 	NOTE: https://lore.kernel.org/lkml/xmqqa5yv3n93.fsf@gitster.g/
 	NOTE: https://github.com/git/git/commit/9db05711c98efc14f414d4c87135a34c13586e0b (v2.30.9)
 CVE-2023-25651 (There is a SQL injection vulnerability in some ZTE mobile internetprod ...)


=====================================
data/DSA/list
=====================================
@@ -1,3 +1,6 @@
+[13 Sep 2024] DSA-5769-1 git - security update
+	{CVE-2023-25652 CVE-2023-25815 CVE-2023-29007 CVE-2024-32002 CVE-2024-32004 CVE-2024-32020 CVE-2024-32021 CVE-2024-32465}
+	[bookworm] - git 1:2.39.5-0+deb12u1
 [11 Sep 2024] DSA-5768-1 chromium - security update
 	{CVE-2024-8636 CVE-2024-8637 CVE-2024-8638 CVE-2024-8639}
 	[bookworm] - chromium 128.0.6613.137-1~deb12u1
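Review bot: Of the eight ids in the braces for DSA-5769-1, only CVE-2023-25652, CVE-2023-25815 and CVE-2023-29007 have a matching hunk in data/CVE/list in this commit; CVE-2024-32002, CVE-2024-32004, CVE-2024-32020, CVE-2024-32021 and CVE-2024-32465 are not touched there. Please confirm that none of those five entries still carries a bookworm `<no-dsa>` or `<postponed>` line that would contradict the `[bookworm] - git 1:2.39.5-0+deb12u1` fix recorded here. The commit subject also mentions only the DSA reservation, while the commit changes triage state in two other files; a one-line body saying so would make the history easier to search.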


=====================================
data/dsa-needed.txt
=====================================
@@ -23,10 +23,6 @@ expat (jmm)
 frr
   coordination with the maintainer ongoing
 --
-git (carnil)
-  Maintainer is queried to prepare an update, prepared bookworm update
-  Needs review if we want to fix ikiwiki-hosting and fcgiwrap via security or point release
---
 libreswan
   Waiting on feedback from maintainer
 --
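Review bot: Removing the whole `git (carnil)` entry also drops the open question "Needs review if we want to fix ikiwiki-hosting and fcgiwrap via security or point release", and nothing else in this commit records it. If that decision is still pending, keep it visible, for example as separate entries for ikiwiki-hosting and fcgiwrap in this file or as a NOTE on the affected CVE entries.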



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/29e1ebf80e65ef386b2fea767b40b740c5751534
