
Re: open security issues in the git packages



On 2023-01-18 23:34:37 +0000 (UTC), Thorsten Glaser wrote:
[...]
> The versions in Debian and *buntu don’t exactly match, but perhaps
> appropriate patches for the respective versions are available, or
> they apply with little fuzz?
[...]

Just a data point around this, I spent a good chunk of yesterday
porting Ubuntu's 22-patch series for CVE-2022-23521 and
CVE-2022-41903 from the 1:2.25.1-1ubuntu3.7 package in focal-updates
to the 1:2.30.2-1 in bullseye. The only patch my colleagues and I
found which needed adjustment was 0012, and for that I was able to
apply upstream commit 3c50032 directly instead.
-- 
Jeremy Stanley
