Bug#1031948: bullseye-pu: package libgit2/1.1.0+dfsg.1-4+deb11u1
On Sat, Apr 01, 2023 at 08:13:23PM +0100, Adam D. Barratt wrote:
> Control: tags -1 + confirmed
>
> On Sat, 2023-02-25 at 21:16 +0100, Tobias Frost wrote:
> > After fixing CVE-2023-22742 for LTS and ELTS, I'd like to see
> > this CVE also fixed in stable, for consistency.
> >
> > The CVE is an inproper ssh certificate validation vulnerabilty,
> > which allows man-in-the-middle attacks.
> >
>
> +libgit2 (1.1.0+dfsg.1-4+deb11u1) bullseye-security; urgency=high
>
> That wants to just be "bullseye".
>
> + This is a backport of the upstream fix to the Debian stretch version.
>
> Presumably that comment could also do with an update.
>
> Please go ahead.
Thanks for the review. Fixed and uploaded!
--
tobi
Reply to: