open security issues in the git packages

To: Jonathan Nieder <jrnieder@debian.org>, Anders Kaseorg <andersk@mit.edu>, Roger Shimizu <rosh@debian.org>
Cc: debian-security@lists.debian.org, debian-backports@lists.debian.org, Jan Schmitt <j.schmitt@tarent.de>
Subject: open security issues in the git packages
From: Thorsten Glaser <tg@debian.org>
Date: Wed, 18 Jan 2023 23:34:37 +0000 (UTC)
Message-id: <[🔎] Pine.BSM.4.64L.2301182325110.25484@herc.mirbsd.org>

Hi Jonathan,

are you planning to fix the open security issues in git?
In addition to the two new ones from… last week I think,
given Ubuntu LTS-security has been carrying the fixes for
8 days now, there’s another four issues in stable that
are fixed in testing/sid (newer versions?) and oldstable
(LTS team) that need fixing, according to the security
tracker. The versions in Debian and *buntu don’t exactly
match, but perhaps appropriate patches for the respective
versions are available, or they apply with little fuzz?

In addition the bullseye-backports version is horribly
outdated with respect to testing (13 months old). Roger,
what are you planning to do about that? Please update or
(less ideally) ask for removal; the current state is a
disservice to users and violates the bpo rules.

Thanks in advance,
//mirabilos
-- 
Infrastrukturexperte • tarent solutions GmbH
Am Dickobskreuz 10, D-53121 Bonn • http://www.tarent.de/
Telephon +49 228 54881-393 • Fax: +49 228 54881-235
HRB AG Bonn 5168 • USt-ID (VAT): DE122264941
Geschäftsführer: Dr. Stefan Barth, Kai Ebenrett, Boris Esser, Alexander Steeg

Reply to:

Follow-Ups:
- Re: open security issues in the git packages
  - From: Jeremy Stanley <fungi@yuggoth.org>

Prev by Date: Re: Should singularity-container make it to next release?
Next by Date: Re: open security issues in the git packages
Previous by thread: Re: Should singularity-container make it to next release?
Next by thread: Re: open security issues in the git packages
Index(es):
- Date
- Thread