Your message dated Thu, 26 Jan 2023 06:34:31 +0000
with message-id <e1pkvqb-00805c...@fasolo.debian.org>
and subject line Bug#1029114: fixed in git 1:2.39.1-0.1
has caused the Debian Bug report #1029114,
regarding git: CVE-2022-23521 CVE-2022-41903
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1029114: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029114
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: git
Version: 1:2.30.2-1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Control: found -1 1:2.39.0-1
Hi,
The following vulnerabilities were published for git.
CVE-2022-23521[0]:
| gitattributes parsing integer overflow
CVE-2022-41903[1]:
| heap overflow in `git archive` and `git log --format`
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2022-23521
https://www.cve.org/CVERecord?id=CVE-2022-23521
[1] https://security-tracker.debian.org/tracker/CVE-2022-41903
https://www.cve.org/CVERecord?id=CVE-2022-41903
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: git
Source-Version: 1:2.39.1-0.1
Done: Aron Xu <a...@debian.org>
We believe that the bug you reported is fixed in the latest version of
git, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1029...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Aron Xu <a...@debian.org> (supplier of updated git package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Thu, 26 Jan 2023 13:43:04 +0800
Source: git
Architecture: source
Version: 1:2.39.1-0.1
Distribution: unstable
Urgency: medium
Maintainer: Jonathan Nieder <jrnie...@gmail.com>
Changed-By: Aron Xu <a...@debian.org>
Closes: 1029114
Changes:
git (1:2.39.1-0.1) unstable; urgency=medium
.
* Non-maintainer upload.
* New upstream stable release (Closes: #1029114)
Fixes CVE-2022-23521 and CVE-2022-41903.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---