Control: tags -1 + confirmed On Sat, 2023-02-25 at 21:16 +0100, Tobias Frost wrote: > After fixing CVE-2023-22742 for LTS and ELTS, I'd like to see > this CVE also fixed in stable, for consistency. > > The CVE is an inproper ssh certificate validation vulnerabilty, > which allows man-in-the-middle attacks. >
+libgit2 (1.1.0+dfsg.1-4+deb11u1) bullseye-security; urgency=high That wants to just be "bullseye". + This is a backport of the upstream fix to the Debian stretch version. Presumably that comment could also do with an update. Please go ahead. Regards, Adam
