Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bd9fa4e1 by Salvatore Bonaccorso at 2023-07-08T09:05:31+02:00
Revert "setup-repo: ensure hooks directory exists"

This reverts commit e57c301b2c5ad6d664d964aa961e2edfb6c6e4cc.

Reasoning for the revert: at the point of mkdir -p "$GIT_HOOKS_DIR" we had
already done several operations on ${HOOK}. So ensuring the directory exists
seems likely to be needed earlier. What concrete case led to this
change?

- - - - -
5f5c75cd by Salvatore Bonaccorso at 2023-07-08T09:09:42+02:00
Add reference to pull request for CVE-2023-36830/sqlfluff

- - - - -
7674de2c by Salvatore Bonaccorso at 2023-07-08T09:16:09+02:00
Track fixed version for CVE-2023-35934/yt-dlp

- - - - -


2 changed files:

- bin/setup-repo
- data/CVE/list


Changes:

=====================================
bin/setup-repo
=====================================
@@ -30,7 +30,6 @@ install_pre_commit_hook() {
   fi
 
   echo "Installing pre-commit hook"
-  mkdir -p "$GIT_HOOKS_DIR"
   ln -s "${SRC}" "${HOOK}"
 }
 
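Review bot: with the mkdir -p gone, the `ln -s "${SRC}" "${HOOK}"` on the next line is the only remaining write in this hunk and has no error check, so if the parent directory of "${HOOK}" is absent the symlink silently fails and install_pre_commit_hook still returns success (unless the script runs under set -e, which is not visible here). Since the revert assumes the earlier checks on ${HOOK} (above the visible `fi`) already guarantee the directory, the case the reverted commit was addressing should at least be surfaced: `ln -s "${SRC}" "${HOOK}" || { echo "failed to install pre-commit hook at ${HOOK}" >&2; return 1; }`.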


=====================================
data/CVE/list
=====================================
@@ -168,6 +168,7 @@ CVE-2023-36830 (SQLFluff is a SQL linter. Prior to version 
2.1.2, in environment
        - sqlfluff <unfixed>
        [bookworm] - sqlfluff <no-dsa> (Minor issue)
        NOTE: 
https://github.com/sqlfluff/sqlfluff/security/advisories/GHSA-jqhc-m2j3-fjrx
+       NOTE: https://github.com/sqlfluff/sqlfluff/pull/4925
 CVE-2023-36823 (Sanitize is an allowlist-based HTML and CSS sanitizer. Using 
carefully ...)
        - ruby-sanitize <unfixed>
        NOTE: 
https://github.com/rgrove/sanitize/commit/76ed46e6dc70820f38efe27de8dabd54dddb5220
 (v6.0.2)
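Review bot: the added NOTE for CVE-2023-36830 links the pull request but does not say whether it is the fix, while the entry itself still records `sqlfluff <unfixed>` and the hunk's own context line says the issue affects versions "Prior to version 2.1.2". If the PR is the upstream fix, tag it the way the neighbouring sanitize entry tags its commit URL with "(v6.0.2)", e.g. `NOTE: https://github.com/sqlfluff/sqlfluff/pull/4925 (2.1.2)`, so the <unfixed> marker can be resolved against a known upstream version later.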
@@ -191,7 +192,7 @@ CVE-2023-35948 (Novu provides an API for sending 
notifications through multiple
 CVE-2023-35937 (Metersphere is an open source continuous testing platform. In 
versions ...)
        NOT-FOR-US: Metersphere
 CVE-2023-35934 (yt-dlp is a command-line program to download videos from video 
sites.  ...)
-       - yt-dlp <unfixed> (bug #1040595)
+       - yt-dlp 2023.07.06-1 (bug #1040595)
        [bookworm] - yt-dlp <no-dsa> (Minor issue)
        [bullseye] - yt-dlp <no-dsa> (Minor issue)
        NOTE: 
https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-v8mc-9377-rwjj
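Review bot: the fixed version `yt-dlp 2023.07.06-1` is recorded with only the GHSA advisory URL as supporting reference, so nothing in the entry ties the Debian upload to a specific upstream fix commit or release. Adding a NOTE with the upstream fix reference (as the ruby-sanitize entry in this file does with its commit URL) would let the bookworm and bullseye `<no-dsa> (Minor issue)` lines, which stay unfixed in this hunk, be re-checked against the actual change if the severity assessment is revisited.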



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/05c027116d32666424ddc4a3691af9547473c826...7674de2c562e48838b32d777e98dde331850765c



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits