Source: python-git
Version: 3.1.30-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/gitpython-developers/GitPython/pull/1609
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>

Hi,

The following vulnerability was published for python-git.

CVE-2023-40267[0]:
| GitPython before 3.1.32 does not block insecure non-multi options in
| clone and clone_from. NOTE: this issue exists because of an
| incomplete fix for CVE-2022-24439.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-40267
    https://www.cve.org/CVERecord?id=CVE-2023-40267
[1] https://github.com/gitpython-developers/GitPython/pull/1609
[2] https://github.com/gitpython-developers/GitPython/commit/5c59e0d63da6180db8a0b349f0ad36fef42aceed

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore