On Sat, Apr 01, 2023 at 08:13:23PM +0100, Adam D. Barratt wrote: > Control: tags -1 + confirmed > > On Sat, 2023-02-25 at 21:16 +0100, Tobias Frost wrote: > > After fixing CVE-2023-22742 for LTS and ELTS, I'd like to see > > this CVE also fixed in stable, for consistency. > > > > The CVE is an inproper ssh certificate validation vulnerabilty, > > which allows man-in-the-middle attacks. > > > > +libgit2 (1.1.0+dfsg.1-4+deb11u1) bullseye-security; urgency=high > > That wants to just be "bullseye". > > + This is a backport of the upstream fix to the Debian stretch version. > > Presumably that comment could also do with an update. > > Please go ahead.
Thanks for the review. Fixed and uploaded! -- tobi