Utkarsh Gupta pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
ca650fd9 by Utkarsh Gupta at 2025-12-15T00:43:55+05:30
Reserve DLA-4406-1 for ruby-git
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -280886,13 +280886,11 @@ CVE-2022-4768 (A vulnerability was found in Dropbox
merou. It has been classifie
CVE-2022-47318 (ruby-git versions prior to v1.13.0 allows a remote
authenticated attac ...)
{DLA-3303-1}
- ruby-git 1.13.1-1
- [bullseye] - ruby-git <no-dsa> (Minor issue)
NOTE: https://github.com/ruby-git/ruby-git/pull/602
NOTE:
https://github.com/ruby-git/ruby-git/commit/4fe8738e8348567255ab4be25867684b5d0d282d
(v1.13.0)
CVE-2022-46648 (ruby-git versions prior to v1.13.0 allows a remote
authenticated attac ...)
{DLA-3303-1}
- ruby-git 1.13.1-1
- [bullseye] - ruby-git <no-dsa> (Minor issue)
NOTE: https://github.com/ruby-git/ruby-git/pull/602
NOTE:
https://github.com/ruby-git/ruby-git/commit/4fe8738e8348567255ab4be25867684b5d0d282d
(v1.13.0)
CVE-2021-4292 (A vulnerability was found in OpenMRS Admin UI Module up to
1.4.x. It h ...)
@@ -348594,7 +348592,6 @@ CVE-2022-25758 (All versions of package
scss-tokenizer are vulnerable to Regular
CVE-2022-25648 (The package git before 1.11.0 are vulnerable to Command
Injection via ...)
{DLA-3303-1}
- ruby-git 1.13.1-1 (bug #1009926)
- [bullseye] - ruby-git <no-dsa> (Minor issue)
NOTE: https://github.com/ruby-git/ruby-git/pull/569
NOTE: Fixed by:
https://github.com/ruby-git/ruby-git/commit/291ca0946bec7164b90ad5c572ac147f512c7159
(v1.11.0)
NOTE: https://security.snyk.io/vuln/SNYK-RUBY-GIT-2421270
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[15 Dec 2025] DLA-4406-1 ruby-git - security update
+ {CVE-2022-25648 CVE-2022-46648 CVE-2022-47318}
+ [bullseye] - ruby-git 1.7.0-1+deb11u1
[13 Dec 2025] DLA-4405-1 thunderbird - security update
{CVE-2025-14321 CVE-2025-14322 CVE-2025-14323 CVE-2025-14324
CVE-2025-14325 CVE-2025-14328 CVE-2025-14329 CVE-2025-14330 CVE-2025-14331
CVE-2025-14333}
[bullseye] - thunderbird 1:140.6.0esr-1~deb11u1
=====================================
data/dla-needed.txt
=====================================
@@ -370,9 +370,6 @@ rails (rouca)
NOTE: 20251120: Import old security release and fix. Will likely do a
partial release due to number of CVEs (rouca)
NOTE: 20251125: Do a partial release. Need to fix bookworm first (rouca)
--
-ruby-git (utkarsh)
- NOTE: 20251206: Added by Front-Desk. Avoid a regression from buster (rouca)
---
ruby-sidekiq (utkarsh)
NOTE: 20251206: Added by Front-Desk. Avoid a regression from buster (rouca)
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ca650fd958af6987f72fabd8482c74ffe99376b1
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ca650fd958af6987f72fabd8482c74ffe99376b1
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
