Utkarsh Gupta pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
be53887b by Utkarsh Gupta at 2023-01-31T03:50:15+05:30
Reserve DLA-3303-1 for ruby-git
- - - - -
2 changed files:
- data/CVE/list
- data/DLA/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -74099,7 +74099,6 @@ CVE-2022-25758 (All versions of package scss-tokenizer
are vulnerable to Regular
CVE-2022-25648 (The package git before 1.11.0 are vulnerable to Command
Injection via ...)
- ruby-git 1.13.1-1 (bug #1009926)
[bullseye] - ruby-git <no-dsa> (Minor issue)
- [buster] - ruby-git <no-dsa> (Minor issue)
NOTE: https://github.com/ruby-git/ruby-git/pull/569
NOTE: Fixed by:
https://github.com/ruby-git/ruby-git/commit/291ca0946bec7164b90ad5c572ac147f512c7159
(v1.11.0)
NOTE: https://security.snyk.io/vuln/SNYK-RUBY-GIT-2421270
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[31 Jan 2023] DLA-3303-1 ruby-git - security update
+ {CVE-2022-25648 CVE-2022-46648 CVE-2022-47318}
+ [buster] - ruby-git 1.2.8-1+deb10u1
[31 Jan 2023] DLA-3302-1 nova - security update
{CVE-2022-47951}
[buster] - nova 2:18.1.0-6+deb10u2
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/be53887be480c3bd0a4af216f8dee8d5c5719ae1
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/be53887be480c3bd0a4af216f8dee8d5c5719ae1
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
