Aron Xu pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7a81e0fb by Aron Xu at 2023-01-29T15:00:36+08:00
Reserve DSA-5332-1 for git
- - - - -
3 changed files:
- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -35492,7 +35492,6 @@ CVE-2022-39261 (Twig is a template language for PHP.
Versions 1.x prior to 1.44.
CVE-2022-39260 (Git is an open source, scalable, distributed revision control
system. ...)
{DLA-3239-1}
- git 1:2.38.1-1 (bug #1022046)
- [bullseye] - git <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2022/10/18/5
NOTE: https://lore.kernel.org/git/[email protected]/T/#u
NOTE:
https://github.com/git/git/commit/32696a4cbe90929ae79ea442f5102c513ce3dfaa
(v2.30.6)
@@ -35516,7 +35515,6 @@ CVE-2022-39254 (matrix-nio is a Python Matrix client
library, designed according
CVE-2022-39253 (Git is an open source, scalable, distributed revision control
system. ...)
{DLA-3239-1}
- git 1:2.38.1-1 (bug #1022046)
- [bullseye] - git <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2022/10/18/5
NOTE: https://lore.kernel.org/git/[email protected]/T/#u
NOTE:
https://github.com/git/git/commit/6f054f9fb3a501c35b55c65e547a244f14c38d56
(v2.30.6)
@@ -64008,7 +64006,6 @@ CVE-2022-29188 (Smokescreen is an HTTP proxy. The
primary use case for Smokescre
CVE-2022-29187 (Git is a distributed revision control system. Git prior to
versions 2. ...)
{DLA-3239-1}
- git 1:2.37.2-1 (bug #1014848)
- [bullseye] - git <no-dsa> (Minor issue)
NOTE:
https://lists.q42.co.uk/pipermail/git-announce/2022-July/001250.html
NOTE:
https://github.com/git/git/commit/3b0bf2704980b1ed6018622bdf5377ec22289688
(v2.30.5)
NOTE:
https://github.com/git/git/commit/ae9abbb63eea74441e3e8b153dc6ec1f94c373b4
(v2.30.5) (regression)
@@ -76899,7 +76896,6 @@ CVE-2022-24766 (mitmproxy is an interactive,
SSL/TLS-capable intercepting proxy.
CVE-2022-24765 (Git for Windows is a fork of Git containing Windows-specific
patches. ...)
{DLA-3239-1}
- git 1:2.35.2-1
- [bullseye] - git <no-dsa> (Minor issue)
[stretch] - git <no-dsa> (Minor issue)
NOTE:
https://github.com/git/git/commit/6e7ad1e4c22e7038975ba37c7413374fe566b064
(v2.30.3)
NOTE:
https://github.com/git/git/commit/bdc77d1d685be9c10b88abb281a42bc620548595
(v2.30.3)
=====================================
data/DSA/list
=====================================
@@ -1,3 +1,6 @@
+[29 Jan 2023] DSA-5332-1 git - security update
+ {CVE-2022-23521 CVE-2022-24765 CVE-2022-29187 CVE-2022-39253
CVE-2022-39260 CVE-2022-41903}
+ [bullseye] - git 1:2.30.2-1+deb11u1
[28 Jan 2023] DSA-5331-1 openjdk-11 - security update
{CVE-2022-21619 CVE-2022-21624 CVE-2022-21626 CVE-2022-21628
CVE-2022-39399 CVE-2023-21835 CVE-2023-21843}
[bullseye] - openjdk-11 11.0.18+10-1~deb11u1
=====================================
data/dsa-needed.txt
=====================================
@@ -14,8 +14,6 @@ If needed, specify the release by adding a slash after the
name of the source pa
--
frr
--
-git (aron)
---
jupyter-core
Maintainer asked for availability to prepare updates
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7a81e0fb8bc72244e0d64eb092e2bd5b6d3da894
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7a81e0fb8bc72244e0d64eb092e2bd5b6d3da894
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
