1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 5769-1] git security update

    From Salvatore Bonaccorso@21:1/5 to All on Fri Sep 13 21:50:01 2024
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-5769-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso September 13, 2024 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : git
    CVE ID : CVE-2023-25652 CVE-2023-25815 CVE-2023-29007 CVE-2024-32002
    CVE-2024-32004 CVE-2024-32020 CVE-2024-32021 CVE-2024-32465 Debian Bug : 1034835 1071160

    Multiple issues were found in Git, a fast, scalable, distributed
    revision control system, which may result in file overwrites outside the repository, arbitrary configuration injection or arbitrary code
    execution.

    For the stable distribution (bookworm), these problems have been fixed in version 1:2.39.5-0+deb12u1.

    We recommend that you upgrade your git packages.

    For the detailed security status of git please refer to its security
    tracker page at:
    https://security-tracker.debian.org/tracker/git

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org
    -----BEGIN PGP SIGNATURE-----

    iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmbklgFfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0QD9RAAiN4YarOU7lbe6MnW4vRpz1qJA4ph8WgtqRs5GKgMUBOPcLCCqDim/9Yl vib6iaH/8WW5Rh9TDXY5BuWZ/Ek5zU9oDcde2E3r4VUJDKdSICjyBpooc5iLsJpT jh8lHio+UjrNqBqoLAtyarCsj1muvO8l/f96O6qotP/wUJVqZfAyCpHFeeApzj7M dXWNt/j5YBSiu7dwZY+p0E1cKwGglJtZnUCcyJaelnLd6Igu2Lq+4OvuhqWhsmeE aDauOY43WA7Qwpu814XJG9lrMAyWZJFWnT/NEGYi0dm2vhbZzoS4V/WvCmtfyrCJ lkXzKgG737YMpI99T7eP75BhSF6dw8aC5HCT6cG5Gv1apEhVC2hMIVot3ZVL/7oj ml972rjltmMMgILStR7N9JWrDqXPpn8SWslwjMLfxHslZzG3YGJV5ihXtvefWafH 7c0X7WVT1yTdE1FrTOnCIUfPc/J+jEXMWNd+vsV3aHdVVdZoHj8bDso47CZqMYwT a2Q0opuv+4CDnuG1wUZzv4ap1w21C36tSwIZ1u8CEMhyYzdZV7TUf/0XsDNsms2e wRNmEWXHGvxsw1+wdTpFeb9iahoGTfcDPq3gdr4W74yRn5ZryREu6G2C0zGMaPkf yjGcnDiHTGsET2qxX5Je0iTsLraWbLAB0iyHmABzsDCn/pJc7lE=
    =iG6s
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)