Sylvain Beucler pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
66a4d5f5 by Sylvain Beucler at 2022-12-08T17:21:06+01:00
CVE-2022-24765/git: reference further fixes
- - - - -
04e42886 by Sylvain Beucler at 2022-12-08T17:21:07+01:00
CVE-2022-29187/git: reference further fixes
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -51284,6 +51284,10 @@ CVE-2022-29187 (Git is a distributed revision control
system. Git prior to versi
[buster] - git <no-dsa> (Minor issue)
NOTE:
https://lists.q42.co.uk/pipermail/git-announce/2022-July/001250.html
NOTE:
https://github.com/git/git/commit/3b0bf2704980b1ed6018622bdf5377ec22289688
(v2.30.5)
+ NOTE:
https://github.com/git/git/commit/ae9abbb63eea74441e3e8b153dc6ec1f94c373b4
(v2.30.5) (regression)
+ NOTE:
https://github.com/git/git/commit/5f1a3fec8c304decaa9af2bf503712050a4a84e0
(v2.30.5) (regression test)
+ NOTE:
https://github.com/git/git/commit/b9063afda17a2aa6310423c9f7b776c41f753091
(v2.30.5) (regression test)
+ NOTE:
https://github.com/git/git/commit/6b11e3d52e919cce91011f4f9025e6f4b61375f2
(v2.30.5) (regression)
NOTE: Relates to CVE-2022-24765.
CVE-2022-29186 (Rundeck is an open source automation service with a web
console, comma ...)
NOT-FOR-US: Rundeck
@@ -64194,11 +64198,15 @@ CVE-2022-24765 (Git for Windows is a fork of Git
containing Windows-specific pat
NOTE:
https://github.com/git/git/commit/bdc77d1d685be9c10b88abb281a42bc620548595
(v2.30.3)
NOTE:
https://github.com/git/git/commit/8959555cee7ec045958f9b6dd62e541affb7e7d9
(v2.30.3)
NOTE:
https://github.com/git/git/commit/fdcad5a53e14bd397e4fa323e7fd0c3bf16dd373
(v2.30.3)
- NOTE:
https://github.com/git/git/commit/cb95038137e9e66fc6a6b4a0e8db62bcc521b709
(v2.30.3)
+ NOTE:
https://github.com/git/git/commit/cb95038137e9e66fc6a6b4a0e8db62bcc521b709
(v2.30.3) (doc)
+ NOTE:
https://github.com/git/git/commit/e47363e5a8bdf5144059d664c45c0975243ef05b
(v2.30.4) (regression)
+ NOTE:
https://github.com/git/git/commit/bb50ec3cc300eeff3aba7a2bea145aabdb477d31
(v2.30.4) (regression)
+ NOTE:
https://github.com/git/git/commit/0f85c4a30b072a26d74af8bbf63cc8f6a5dfc1b8
(v2.30.4) (functional change mitigation / opt-out)
NOTE: https://lore.kernel.org/git/[email protected]/
NOTE: Limitations of ownership checking for the CVE fix:
NOTE:
https://lore.kernel.org/git/CAKJfoCEgiNvQJGt=rgytakq1i2ihrpmx2sz3zxg-y66l+1q...@mail.gmail.com/
NOTE:
https://github.blog/2022-04-12-git-security-vulnerability-announced/
+ NOTE: See CVE-2022-29187 for further fixes
CVE-2022-24764 (PJSIP is a free and open source multimedia communication
library writt ...)
{DSA-5285-1 DLA-3194-1 DLA-2962-1}
- asterisk 1:18.14.0~~rc1~dfsg+~cs6.12.40431414-1 (bug #1014976)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/d640702fe655202598f28f2ac4723bc1395e6ac9...04e42886438cf9630c21c8565defae7ecc9df881
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/d640702fe655202598f28f2ac4723bc1395e6ac9...04e42886438cf9630c21c8565defae7ecc9df881
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
