• [SECURITY] [DSA 5332-1] git security update

    From Aron Xu@21:1/5 to All on Sun Jan 29 18:10:01 2023
    Hash: SHA256

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-5332-1 security@debian.org https://www.debian.org/security/ Aron Xu January 29, 2023 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : git
    CVE ID : CVE-2022-23521 CVE-2022-24765 CVE-2022-29187 CVE-2022-39253
    CVE-2022-39260 CVE-2022-41903
    Debian Bug : 1014848 1022046 1029114

    Multiple issues were found in Git, a distributed revision control system.
    An attacker may trigger remote code execution, cause local users into
    executing arbitrary commands, leak information from the local filesystem,
    and bypass restricted shell.

    This update includes two changes of behavior that may affect certain setup:
    - It stops when directory traversal changes ownership from the current
    user while looking for a top-level git directory, a user could make an
    exception by using the new safe.directory configuration.
    - The default of protocol.file.allow has been changed from "always" to

    For the stable distribution (bullseye), these problems have been fixed in version 1:2.30.2-1+deb11u1.

    We recommend that you upgrade your git packages.

    For the detailed security status of git please refer to
    its security tracker page at:

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org

    iQEzBAEBCAAdFiEEhhz+aYQl/Bp4OTA7O1LKKgqv2VQFAmPWoBQACgkQO1LKKgqv 2VQ9Ugf/amidAHmXSaPDpk9Hs52ttiUPJ6uMJRYyJI/KQ3o5eoQfdzYmVT9ACsuK XxT7Xd5JqkHZMJyABeqm42JJgOiyV5GUx2ZrsQ3M5UE2HD2keWxaJmrkj6VlzkFs qHOynAgprllBmw3RfHkyjybQEG4dtmiLk5+gJZK0MYxAaKzyeNi7dnLEllYOf+Xi dn3aSk8edTVqT80jdMIfBeOn1f/Zb+9kSHyVOezku1NfYES1dnA7RaOAkKmw/JkR HYnuxpdAfkb2K1z6LmDkLWpTQU7CbOPcPpWBWgkuD6tQmKjppx5MYuDZ+hW0y6aV EI1gHfi7qbZ3+b+nxEa9CTvap0d8QA==
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)