Your message dated Tue, 19 Sep 2023 21:53:13 +0200
with message-id <[email protected]>
and subject line Re: Accepted python-git 3.1.36-1 (source) into unstable
has caused the Debian Bug report #1043503,
regarding python-git: CVE-2023-40267
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1043503: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1043503
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: python-git
Version: 3.1.30-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/gitpython-developers/GitPython/pull/1609
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for python-git.
CVE-2023-40267[0]:
| GitPython before 3.1.32 does not block insecure non-multi options in
| clone and clone_from. NOTE: this issue exists because of an
| incomplete fix for CVE-2022-24439.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2023-40267
https://www.cve.org/CVERecord?id=CVE-2023-40267
[1] https://github.com/gitpython-developers/GitPython/pull/1609
[2] https://github.com/gitpython-developers/GitPython/commit/5c59e0d63da6180db8a0b349f0ad36fef42aceed
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
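
A caller-side guard that applies one allowlist to both ways of passing clone options, for applications that forward user-influenced options to clone_from. This is an added example, not code from GitPython or Debian; it assumes that "non-multi options" means options passed as keyword arguments rather than via multi_options, and the allowlist, class and function names are hypothetical.

```python
import shlex

# ASSUMPTION: allowlist chosen for this example; keep only what your application needs.
ALLOWED_CLONE_FLAGS = frozenset(
    {"--depth", "--branch", "--single-branch", "--no-tags", "--bare", "--quiet"}
)


class DisallowedCloneOption(ValueError):
    """Raised with the offending flag when an option is not allowlisted."""


def kwargs_to_flags(kwargs):
    """Model of the keyword-to-flag convention: no_tags=True -> --no-tags."""
    flags = []
    for name, value in kwargs.items():
        if value is None or value is False:
            continue  # such options are not emitted at all
        dashed = name.replace("_", "-")
        flags.append(("-" if len(dashed) == 1 else "--") + dashed)
    return flags


def multi_options_to_flags(multi_options):
    """Extract flag names from entries such as '--depth=1' or '--branch main'."""
    flags = []
    for entry in multi_options or []:
        for token in shlex.split(entry):
            if token.startswith("-"):
                flags.append(token.split("=", 1)[0])
    return flags


def validate_clone_options(multi_options=None, **kwargs):
    """Return the normalised flags; raise if a flag from either channel is not allowlisted."""
    flags = multi_options_to_flags(multi_options) + kwargs_to_flags(kwargs)
    for flag in flags:
        # Exact match only, so short forms and unknown flags fail closed.
        if flag not in ALLOWED_CLONE_FLAGS:
            raise DisallowedCloneOption(flag)
    return flags
```

Call validate_clone_options with the same multi_options and keyword arguments the application is about to hand to clone_from, and only proceed if it returns.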
--- Begin Message ---
Source: python-git
Source-Version: 3.1.36-1
This upload also fixes CVE-2023-40267 / #1043503.
On Mon, Sep 18, 2023 at 08:39:50PM +0000, Debian FTP Masters wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Format: 1.8
> Date: Mon, 18 Sep 2023 22:09:04 +0200
> Source: python-git
> Architecture: source
> Version: 3.1.36-1
> Distribution: unstable
> Urgency: medium
> Maintainer: Debian Python Team <[email protected]>
> Changed-By: Hans-Christoph Steiner <[email protected]>
> Changes:
> python-git (3.1.36-1) unstable; urgency=medium
> .
> * Team upload.
> * New upstream version 3.1.36
>
> -----BEGIN PGP SIGNATURE-----
>
> -----END PGP SIGNATURE-----
>
--- End Message ---