<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22490> <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23946>
^Triage: reporter is committer, assign accordingly
Gitlab is only indirectly effected by this, but if you like, you can add an entry for it. But it should be enough to document the vulnerability in git.
Reassigning to committer who opened the issue.
A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=945cff6a567218c48af80522dcd17c2056186b65 commit 945cff6a567218c48af80522dcd17c2056186b65 Author: Renato Botelho <garga@FreeBSD.org> AuthorDate: 2023-02-21 11:34:11 +0000 Commit: Renato Botelho <garga@FreeBSD.org> CommitDate: 2023-02-21 11:37:19 +0000 security/vuxml: Document recent git CVEs Document CVEs fixed by devel/git 2.39.1 and 2.39.2: CVE-2022-41903 CVE-2022-23521 CVE-2023-22490 CVE-2023-23946 PR: 269655 Sponsored by: Rubicon Communications, LLC ("Netgate") security/vuxml/vuln/2023.xml | 146 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 146 insertions(+)