Bug#1031948: bullseye-pu: package libgit2/1.1.0+dfsg.1-4+deb11u1

To: Tobias Frost <tobi@debian.org>, 1031948@bugs.debian.org
Subject: Bug#1031948: bullseye-pu: package libgit2/1.1.0+dfsg.1-4+deb11u1
From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Date: Sat, 01 Apr 2023 20:13:23 +0100
Message-id: <[🔎] 4536d803dcff2b90a6dfb312bebd169fe6dec301.camel@adam-barratt.org.uk>
Reply-to: "Adam D. Barratt" <adam@adam-barratt.org.uk>, 1031948@bugs.debian.org
In-reply-to: <167735621288.16282.7163189497138145944.reportbug@isildor.loewenhoehle.ip>
References: <167735621288.16282.7163189497138145944.reportbug@isildor.loewenhoehle.ip> <167735621288.16282.7163189497138145944.reportbug@isildor.loewenhoehle.ip>

Control: tags -1 + confirmed

On Sat, 2023-02-25 at 21:16 +0100, Tobias Frost wrote:
> After fixing CVE-2023-22742 for LTS and ELTS, I'd like to see
> this CVE also fixed in stable, for consistency.
> 
> The CVE is an inproper ssh certificate validation vulnerabilty,
> which allows man-in-the-middle attacks.
> 

+libgit2 (1.1.0+dfsg.1-4+deb11u1) bullseye-security; urgency=high

That wants to just be "bullseye".

+ This is a backport of the upstream fix to the Debian stretch version.

Presumably that comment could also do with an update.

Please go ahead.

Regards,

Adam

Reply to:

Follow-Ups:
- Bug#1031948: bullseye-pu: package libgit2/1.1.0+dfsg.1-4+deb11u1
  - From: Tobias Frost <tobi@debian.org>

Prev by Date: Processed: Re: Bug#1032134: bullseye-pu: package node-cookiejar/2.1.2-1+deb11u1
Next by Date: Processed: Re: Bug#1031948: bullseye-pu: package libgit2/1.1.0+dfsg.1-4+deb11u1
Previous by thread: Processed: Re: Bug#1032134: bullseye-pu: package node-cookiejar/2.1.2-1+deb11u1
Next by thread: Processed: Re: Bug#1031948: bullseye-pu: package libgit2/1.1.0+dfsg.1-4+deb11u1
Index(es):
- Date
- Thread