Bug#1031948: bullseye-pu: package libgit2/1.1.0+dfsg.1-4+deb11u1

To: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Cc: 1031948@bugs.debian.org
Subject: Bug#1031948: bullseye-pu: package libgit2/1.1.0+dfsg.1-4+deb11u1
From: Tobias Frost <tobi@debian.org>
Date: Sun, 2 Apr 2023 12:37:27 +0200
Message-id: <[🔎] ZCla569mJ+WtDlbS@isildor.loewenhoehle.ip>
Reply-to: Tobias Frost <tobi@debian.org>, 1031948@bugs.debian.org
In-reply-to: <[🔎] 4536d803dcff2b90a6dfb312bebd169fe6dec301.camel@adam-barratt.org.uk>
References: <167735621288.16282.7163189497138145944.reportbug@isildor.loewenhoehle.ip> <[🔎] 4536d803dcff2b90a6dfb312bebd169fe6dec301.camel@adam-barratt.org.uk> <167735621288.16282.7163189497138145944.reportbug@isildor.loewenhoehle.ip>

On Sat, Apr 01, 2023 at 08:13:23PM +0100, Adam D. Barratt wrote:
> Control: tags -1 + confirmed
> 
> On Sat, 2023-02-25 at 21:16 +0100, Tobias Frost wrote:
> > After fixing CVE-2023-22742 for LTS and ELTS, I'd like to see
> > this CVE also fixed in stable, for consistency.
> > 
> > The CVE is an inproper ssh certificate validation vulnerabilty,
> > which allows man-in-the-middle attacks.
> > 
> 
> +libgit2 (1.1.0+dfsg.1-4+deb11u1) bullseye-security; urgency=high
> 
> That wants to just be "bullseye".
> 
> + This is a backport of the upstream fix to the Debian stretch version.
> 
> Presumably that comment could also do with an update.
> 
> Please go ahead.

Thanks for the review. Fixed and uploaded!

-- 
tobi

Reply to:

References:
- Bug#1031948: bullseye-pu: package libgit2/1.1.0+dfsg.1-4+deb11u1
  - From: "Adam D. Barratt" <adam@adam-barratt.org.uk>

Prev by Date: Bug#1033739: marked as done (unblock: libmath-bigint-perl/1.999838-1)
Next by Date: Bug#1033638: marked as done (unblock: pocl/3.1-3)
Previous by thread: Processed: Re: Bug#1031948: bullseye-pu: package libgit2/1.1.0+dfsg.1-4+deb11u1
Next by thread: Bug#1031788: bullseye-pu: package publicsuffix/20230209.2326-0+deb11u1
Index(es):
- Date
- Thread