Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 0fa9fc25 by Salvatore Bonaccorso at 2022-11-18T21:11:19+01:00 Update information for CVE-2022-36069 The issue is actually in poetry-core: From poetry 1.1.9 release notes there is the according reference: Fixed an issue where unsafe parameters could be passed to git commands. (python-poetry/poetry-core#203) https://github.com/python-poetry/poetry-core/pull/203 is in poetry core and fixed for the 1.0 branch in the 1.0.5 upstream version. First included in poetry-core/1.0.7-1 upload to unstable. Update tracking to associate it to poetry-core. - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -27732,8 +27732,12 @@ CVE-2022-36070 (Poetry is a dependency manager for Python. To handle dependencie - poetry <not-affected> (Windows-specific) NOTE: https://github.com/python-poetry/poetry/security/advisories/GHSA-j4j9-7hg9-97g6 CVE-2022-36069 (Poetry is a dependency manager for Python. When handling dependencies ...) - - poetry <not-affected> (Fixed before initial upload to the archive) + - poetry-core 1.0.7-1 NOTE: https://github.com/python-poetry/poetry/security/advisories/GHSA-9xgj-fcgf-x6mw + NOTE: https://github.com/python-poetry/poetry-core/pull/202 + NOTE: Backport to 1.0 branch: https://github.com/python-poetry/poetry-core/pull/203 + NOTE: https://github.com/python-poetry/poetry-core/commit/cc84be60ac9af549664051c2684621db51d05ff1 (1.1.0a7) + NOTE: https://github.com/python-poetry/poetry-core/commit/13a13ac7f8f2b596c68830da6fa8c059af59e1ac (1.0.5) CVE-2022-36068 (Discourse is an open source discussion platform. In versions prior to ...) NOT-FOR-US: Discourse CVE-2022-36067 (vm2 is a sandbox that can run untrusted code with whitelisted Node's b ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0fa9fc25da4abafaef5487097017dc28a6d8be98 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0fa9fc25da4abafaef5487097017dc28a6d8be98 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
