Any updates on CVE-2018-1000021

To: debian-security-tracker <debian-security-tracker@lists.debian.org>
Subject: Any updates on CVE-2018-1000021
From: Leoš Sokolowski <leos@sklw.de>
Date: Fri, 05 May 2023 13:48:29 +0000
Message-id: <[🔎] PgNl0Mp2b_NIMFYAk9EwNcnCEgG-gUy3dHtzfFCzMPkuAkv28iEnSWL3qIJVmlSpz_1fWiZ8Nigmw0zRSt1L0azELlhkTlFf4xQ5BAzYHOE=@sklw.de>

Hi,

I'd like to ask if there's any update on the git-vulnerability CVE-2018-100002. According to the description on both the tracker and the NVD it has been fixed since Version 2.15.1, but the security trackers of both Debian and Ubuntu still list it as vulnerable on all Versions, up to 1:2.40.1-1. I'm pretty sure that's wrong. Is that a problem that has been kept in the application for legacy-reasons or something that has been fixed upstream, copied, but not marked as fixed in the tracker? The last update on the linked bug-report (889680) is from 2018 and appears to be spam.

Thanks in advance
Leos

Attachment: publickey - EmailAddress(s=leos@sklw.de) - 0x49C909DA.asc
Description: application/pgp-keys

Attachment: signature.asc
Description: OpenPGP digital signature

Reply to:

Follow-Ups:
- Re: Any updates on CVE-2018-1000021
  - From: Moritz Muehlenhoff <jmm@inutil.org>

Prev by Date: External check
Next by Date: Re: Any updates on CVE-2018-1000021
Previous by thread: External check
Next by thread: Re: Any updates on CVE-2018-1000021
Index(es):
- Date
- Thread