@@ -1,13 +1,13 @@
{
"schema_version": "1.4.0",
"id": "GHSA-4j5j-58j7-6c3w",
"modified": "2024-09-20T17:38:53Z",
"modified": "2026-04-21T00:00:00Z",
Copilot AI Apr 21, 2026

The modified timestamp is set to an exact midnight value, which looks like a placeholder rather than the actual update time. Consider using the real modification time (or whatever timestamping convention this repo expects) so the advisory metadata remains precise and consistent for consumers.

Suggested change
"modified": "2026-04-21T00:00:00Z",
"modified": "2024-04-30T08:40:04Z",

"published": "2022-05-17T04:14:03Z",
"aliases": [
"CVE-2014-9706"
],
"summary": "Dulwich Arbitrary code execution via commit with directory path starting with .git",
"details": "The `build_index_from_tree` function in index.py in Dulwich before 0.9.9 allows remote attackers to execute arbitrary code via a commit with a directory path starting with `.git/`, which is not properly handled when checking out a working tree.",
"details": "The `build_index_from_tree` function in index.py in Dulwich before 0.10.0 allows remote attackers to execute arbitrary code via a commit with a directory path starting with `.git/`, which is not properly handled when checking out a working tree.",
"severity": [
{
"type": "CVSS_V3",
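Review bot: The `details` line now reads "before 0.10.0" where it previously read "before 0.9.9", but nothing in this hunk cites a source for the new boundary. The advisory aliases CVE-2014-9706, so please point to the release notes or fix commit showing that 0.9.9 is still affected, and confirm the wording stays in step with the `fixed` event changed further down in this file. Separately, the hand-set `"modified": "2026-04-21T00:00:00Z"` should follow whatever timestamp convention the repository expects rather than a rounded value.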
@@ -32,7 +32,7 @@
"introduced": "0"
},
{
"fixed": "0.9.9"
"fixed": "0.10.0"
}
]
}
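Review bot: Moving the `fixed` event from `0.9.9` to `0.10.0` makes 0.9.9 newly reported as affected to every consumer that matches on this range, and the hunk carries no evidence for that. Please confirm that 0.10.0 is a published release containing the fix and link the supporting changelog entry or commit in the pull request, so the range and the `details` text can be verified together.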
@@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-pfr9-2p92-qrhq",
"modified": "2024-10-09T14:34:24Z",
"modified": "2026-04-21T00:00:00Z",
Copilot AI Apr 21, 2026

The modified timestamp is set to an exact midnight value, which looks like a placeholder rather than the actual update time. Consider using the real modification time (or whatever timestamping convention this repo expects) to avoid downstream consumers treating this as synthetic/rounded metadata.

Suggested change
"modified": "2026-04-21T00:00:00Z",
"modified": "2024-10-09T14:34:24Z",

"published": "2024-10-09T14:34:24Z",
"aliases": [],
"summary": "Databento Binary Encoding (DBN) has a heap buffer overflow using c_chars_to_str function",
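Review bot: The only change in this hunk is `"modified": "2026-04-21T00:00:00Z"`, the same hand-set value used in the other advisory file in this pull request. If this field is maintained by tooling when a change is merged, drop the manual edit so the diff for this file carries only the `fixed` version change; otherwise use the actual edit time.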
@@ -30,7 +30,7 @@
"introduced": "0"
},
{
"fixed": "0.22.0"
"fixed": "0.22.1"
}
]
}
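Review bot: The `fixed` event changes from `0.22.0` to `0.22.1`, which marks 0.22.0 as affected, yet neither hunk shown for this file touches any descriptive text, unlike the Dulwich advisory where `details` was updated alongside the range. Please check whether the advisory text or references elsewhere in this file still name 0.22.0 as the fixed release and update them in the same change, and link the release or commit that shows the fix landed in 0.22.1.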