[Git][security-tracker-team/security-tracker][master] Reserve DLA-4406-1 for ruby-git

Sun Dec 14 19:14:13 GMT 2025


Utkarsh Gupta pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ca650fd9 by Utkarsh Gupta at 2025-12-15T00:43:55+05:30
Reserve DLA-4406-1 for ruby-git

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -280886,13 +280886,11 @@ CVE-2022-4768 (A vulnerability was found in Dropbox merou. It has been classifie
 CVE-2022-47318 (ruby-git versions prior to v1.13.0 allows a remote authenticated attac ...)
 	{DLA-3303-1}
 	- ruby-git 1.13.1-1
-	[bullseye] - ruby-git <no-dsa> (Minor issue)
 	NOTE: https://github.com/ruby-git/ruby-git/pull/602
 	NOTE: https://github.com/ruby-git/ruby-git/commit/4fe8738e8348567255ab4be25867684b5d0d282d (v1.13.0)
 CVE-2022-46648 (ruby-git versions prior to v1.13.0 allows a remote authenticated attac ...)
 	{DLA-3303-1}
 	- ruby-git 1.13.1-1
-	[bullseye] - ruby-git <no-dsa> (Minor issue)
 	NOTE: https://github.com/ruby-git/ruby-git/pull/602
 	NOTE: https://github.com/ruby-git/ruby-git/commit/4fe8738e8348567255ab4be25867684b5d0d282d (v1.13.0)
 CVE-2021-4292 (A vulnerability was found in OpenMRS Admin UI Module up to 1.4.x. It h ...)
@@ -348594,7 +348592,6 @@ CVE-2022-25758 (All versions of package scss-tokenizer are vulnerable to Regular
 CVE-2022-25648 (The package git before 1.11.0 are vulnerable to Command Injection via  ...)
 	{DLA-3303-1}
 	- ruby-git 1.13.1-1 (bug #1009926)
-	[bullseye] - ruby-git <no-dsa> (Minor issue)
 	NOTE: https://github.com/ruby-git/ruby-git/pull/569
 	NOTE: Fixed by: https://github.com/ruby-git/ruby-git/commit/291ca0946bec7164b90ad5c572ac147f512c7159 (v1.11.0)
 	NOTE: https://security.snyk.io/vuln/SNYK-RUBY-GIT-2421270


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[15 Dec 2025] DLA-4406-1 ruby-git - security update
+	{CVE-2022-25648 CVE-2022-46648 CVE-2022-47318}
+	[bullseye] - ruby-git 1.7.0-1+deb11u1
 [13 Dec 2025] DLA-4405-1 thunderbird - security update
 	{CVE-2025-14321 CVE-2025-14322 CVE-2025-14323 CVE-2025-14324 CVE-2025-14325 CVE-2025-14328 CVE-2025-14329 CVE-2025-14330 CVE-2025-14331 CVE-2025-14333}
 	[bullseye] - thunderbird 1:140.6.0esr-1~deb11u1


=====================================
data/dla-needed.txt
=====================================
@@ -370,9 +370,6 @@ rails (rouca)
   NOTE: 20251120: Import old security release and fix. Will likely do a partial release due to number of CVEs (rouca)
   NOTE: 20251125: Do a partial release. Need to fix bookworm first (rouca)
 --
-ruby-git (utkarsh)
-  NOTE: 20251206: Added by Front-Desk. Avoid a regression from buster (rouca)
---
 ruby-sidekiq (utkarsh)
   NOTE: 20251206: Added by Front-Desk. Avoid a regression from buster (rouca)
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ca650fd958af6987f72fabd8482c74ffe99376b1

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ca650fd958af6987f72fabd8482c74ffe99376b1
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251214/2398ce37/attachment-0001.htm>
