[Git][security-tracker-team/security-tracker][master] Reserve DLA-3340-1 for libgit2

Thu, 23 Feb 2023 12:21:25 -0800 


Tobias Frost pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
045a0647 by Tobias Frost at 2023-02-23T21:20:46+01:00
Reserve DLA-3340-1 for libgit2

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -212946,13 +212946,11 @@ CVE-2020-12280 (iSmartgate PRO 1.5.9 is vulnerable 
to CSRF that allows remote at
 CVE-2020-12279 (An issue was discovered in libgit2 before 0.28.4 and 0.9x 
before 0.99. ...)
        {DLA-2936-1}
        - libgit2 0.28.4+dfsg.1-2
-       [buster] - libgit2 <no-dsa> (Minor issue; only problematic when used on 
NTFS like filesystem)
        [jessie] - libgit2 <no-dsa> (Minor issue; only problematic when used on 
NTFS like filesystem)
        NOTE: 
https://github.com/libgit2/libgit2/commit/64c612cc3e25eff5fb02c59ef5a66ba7a14751e4
 CVE-2020-12278 (An issue was discovered in libgit2 before 0.28.4 and 0.9x 
before 0.99. ...)
        {DLA-2936-1}
        - libgit2 0.28.4+dfsg.1-2
-       [buster] - libgit2 <no-dsa> (Minor issue; only problematic when used on 
NTFS like filesystem)
        [jessie] - libgit2 <no-dsa> (Minor issue; only problematic when used on 
NTFS like filesystem)
        NOTE: 
https://github.com/libgit2/libgit2/commit/3f7851eadca36a99627ad78cbe56a40d3776ed01
        NOTE: 
https://github.com/libgit2/libgit2/commit/e1832eb20a7089f6383cfce474f213157f5300cb


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[23 Feb 2023] DLA-3340-1 libgit2 - security update
+       {CVE-2020-12278 CVE-2020-12279 CVE-2023-22742}
+       [buster] - libgit2 0.27.7+dfsg.1-0.2+deb10u1
 [23 Feb 2023] DLA-3339-1 binwalk - security update
        {CVE-2022-4510}
        [buster] - binwalk 2.1.2~git20180830+dfsg1-1+deb10u1


=====================================
data/dla-needed.txt
=====================================
@@ -123,11 +123,6 @@ libapache2-mod-auth-mellon (Utkarsh)
   NOTE: 20230206: VCS: 
https://salsa.debian.org/lts-team/packages/libapache2-mod-auth-mellon.git
   NOTE: 20230220: upload prepped, testing remains. (utkarsh)
 --
-libgit2 (tobi)
-  NOTE: 20230126: Programming language: C.
-  NOTE: 20230126: VCS: https://salsa.debian.org/debian/libgit2.git
-  NOTE: 20230126: Please fix also CVE-2020* (gladk).
---
 libreoffice
   NOTE: 20221012: Programming language: C++.
   NOTE: 20230111: VCS: 
https://salsa.debian.org/lts-team/packages/libreoffice.git



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/045a06470e21163b35d977a0061b8d9c15890052

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/045a06470e21163b35d977a0061b8d9c15890052
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to