Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker
Commits: 6d370503 by Sylvain Beucler at 2023-07-25T12:08:36+02:00 Reserve DLA-3502-1 for python-git - - - - - 3 changed files: - data/CVE/list - data/DLA/list - data/dla-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -104259,7 +104259,6 @@ CVE-2022-24440 (The package cocoapods-downloader before 1.6.0, from 1.6.2 and be CVE-2022-24439 (All versions of package gitpython are vulnerable to Remote Code Execut ...) - python-git 3.1.30-1 (bug #1027163) [bullseye] - python-git <no-dsa> (Minor issue) - [buster] - python-git <no-dsa> (Minor issue) NOTE: https://security.snyk.io/vuln/SNYK-PYTHON-GITPYTHON-3113858 NOTE: https://github.com/gitpython-developers/GitPython/commit/787359d80d80225095567340aa5e7ec01847fa9a (3.1.30) NOTE: https://github.com/gitpython-developers/GitPython/commit/678a8fe08dd466fcfe8676294b52887955138960 (3.1.30) ===================================== data/DLA/list ===================================== @@ -1,3 +1,6 @@ +[25 Jul 2023] DLA-3502-1 python-git - security update + {CVE-2022-24439} + [buster] - python-git 2.1.11-1+deb10u1 [25 Jul 2023] DLA-3501-1 renderdoc - security update {CVE-2023-33863 CVE-2023-33864 CVE-2023-33865} [buster] - renderdoc 1.2+dfsg-2+deb10u1 ===================================== data/dla-needed.txt ===================================== @@ -124,9 +124,6 @@ pandoc (guilhem) NOTE: 20230721: Discovered the upstream fix for CVE-2023-35936 was incomplete, NOTE: 20230721: got in touch with them and requested a new CVE. (guilhem) -- -python-git (Sylvain Beucler) - NOTE: 20230724: Added by Front-Desk (apo) --- python-glance-store NOTE: 20230525: Added by Front-Desk (lamby) NOTE: 20230525: NB. CVE-2023-2088 filed against python-glance-store, python-os-brick, nova and cinder. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6d370503f40d83a7778cc08aab79ff9a73a856ec -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6d370503f40d83a7778cc08aab79ff9a73a856ec You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits