[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

What's up with the git-core package?


on a lenny system with the package git-core installed from the security
repository, debsecan marks CVE-2010-2542 as not fixed. In the last weeks,
I saw different versions popping up. At least, on claims to fix
CVE-2010-2542. Here are the changelog entries:

git-core (1: stable-security; urgency=high

  * Non-maintainer upload by the Security Team.
  * Fix permission problem on i386, a regression introduced by
    1: Closes: #595728

 -- Stefan Fritsch <sf@debian.org>  Fri, 24 Sep 2010 20:56:12 +0200

git-core (1: lenny-volatile; urgency=low

  * Non-maintainer upload.
  * Rebuild for lenny-volatile (i386 only), to get proper permissions
    on the git repository template directory.

 -- Philipp Kern <pkern@debian.org>  Tue, 14 Sep 2010 22:29:28 +0200

git-core (1: stable; urgency=high

  * Non-maintainer upload.
  * debian/diff/0009-CVE-2010-2542.diff:
    new; fix stack-based buffer overflow in handling gitdir
    paths (Closes: #590026).

 -- Nico Golde <nion@debian.org>  Tue, 27 Jul 2010 15:44:10 +0000

Does someone know why Philipp Kern made the upload to volatile fixing
only i386? Has he told the security team about his intent?

Why the list in the secure-testing repository has an entry for
1: Where is this version?


[26 Sep 2010] DSA-2114-1 git-core
        [lenny] - git-core 1:

Regards, Jörg
Fuchs' Paradoxon (http://www.bruhaha.de/laws.html):
Wer eine allgemeine Frage beliebigen Themas nach de.alt.arnooo postet und
eine ernsthafte Antwort erwartet, ist dort eigentlich ziemlich ontopic.

Reply to: