Bug#1031948: bullseye-pu: package libgit2/1.1.0+dfsg.1-4+deb11u1
Control: tags -1 + confirmed
On Sat, 2023-02-25 at 21:16 +0100, Tobias Frost wrote:
> After fixing CVE-2023-22742 for LTS and ELTS, I'd like to see
> this CVE also fixed in stable, for consistency.
>
> The CVE is an inproper ssh certificate validation vulnerabilty,
> which allows man-in-the-middle attacks.
>
+libgit2 (1.1.0+dfsg.1-4+deb11u1) bullseye-security; urgency=high
That wants to just be "bullseye".
+ This is a backport of the upstream fix to the Debian stretch version.
Presumably that comment could also do with an update.
Please go ahead.
Regards,
Adam
Reply to: