1. Forum
  2. Usenet
  3. LINUX.DEBIAN.CHANGES

  • Accepted git 1:2.30.2-1+deb11u1 (source) into proposed-updates

    From Debian FTP Masters@21:1/5 to All on Tue Jan 31 18:50:01 2023
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA256

    Format: 1.8
    Date: Thu, 26 Jan 2023 22:59:15 +0800
    Source: git
    Architecture: source
    Version: 1:2.30.2-1+deb11u1
    Distribution: bullseye-security
    Urgency: high
    Maintainer: Jonathan Nieder <jrnieder@gmail.com>
    Changed-By: Aron Xu <aron@debian.org>
    Changes:
    git (1:2.30.2-1+deb11u1) bullseye-security; urgency=high
    .
    * Non-maintainer upload by the Security Team.
    * CVE-2022-23521: multiple integer overflows while parsing gitattributes
    * CVE-2022-24765: owner check for the top-level directory to avoid
    discovering a repository in a directory that is owned by someone other
    than the current user, which may lead to arbitary command execution
    * CVE-2022-29187: code execution and privilege escalation when the
    repository directory and gitdir have different ownership
    * CVE-2022-39253: exposure of sensitive information while performing local
    clone from malicious repository
    * CVE-2022-39260: integer overflow and out-of-bouns array reads/writes in
    git shell's command line input processing
    * CVE-2022-41903: integer overflow in commit formatting machinery Checksums-Sha1:
    c89c0b4242dddef6142dd6c7cdcd8b9b825ea346 2525 git_2.30.2-1+deb11u1.dsc
    76b3118428fe59dd95bf4fa918244a8396f32bea 6329820 git_2.30.2.orig.tar.xz
    7c557113b6243d322cd230abebaf001f35f27ba8 692344 git_2.30.2-1+deb11u1.debian.tar.xz
    dc6264da4c13cdde72c6098b808118f4df854978 7429 git_2.30.2-1+deb11u1_source.buildinfo
    Checksums-Sha256:
    1d3c0316e32555fa14bb2af6379eb5b9442343162797c67f6e2616effca47663 2525 git_2.30.2-1+deb11u1.dsc
    41f7d90c71f9476cd387673fcb10ce09ccbed67332436a4cc58d7af32c355faa 6329820 git_2.30.2.orig.tar.xz
    ca4b7d68338a9c61a322294ea2d7fc52669e47b4904e1f694c6094acfcbc6037 692344 git_2.30.2-1+deb11u1.debian.tar.xz
    016d1af7516e21ad8e71e1966343f88198c160ec2d57ecd1710d3f08821b8a96 7429 git_2.30.2-1+deb11u1_source.buildinfo
    Files:
    885681b636fa063b14260cba80de23b6 2525 vcs optional git_2.30.2-1+deb11u1.dsc
    53f3e1424598cd24eaf78588bcf90816 6329820 vcs optional git_2.30.2.orig.tar.xz
    d5211b41ecf85df86e319ce3e5116d05 692344 vcs optional git_2.30.2-1+deb11u1.debian.tar.xz
    20c1d6599b2d1a37277cd5c80c95efc9 7429 vcs optional git_2.30.2-1+deb11u1_source.buildinfo

    -----BEGIN PGP SIGNATURE-----

    iQEzBAEBCAAdFiEEhhz+aYQl/Bp4OTA7O1LKKgqv2VQFAmPWDoUACgkQO1LKKgqv 2VQBdwf/dHzEpxb9gCNUOZlqOoQLuGz3NhKDrLG4DE7snBLqIGxgUTdXIVoEPWZd hMwVW36vSoLLVFBk9fmQn8e87FCif9OlWHpSyT0cY6OZksebVoz8itQ+1QlGuyvR wMlhab7/dbJRcoG6iUSQOJhFvJaqg6bpDVqjM9AV/eaGMUR2Efz509kpmz9YB2Zb NamXFduo1FVylDuuRS68RN+qeFlVpHx5tDTaX1OuqOiOhM6CU0+EK6/mHocBJMGT NK5vc9+qo5M+UL2SF9dAjLAgNz5zSO+tsdGGtI689JV9MnZYGFnwQ0OrV25uF6uX cDZXXEkoDYYEtNIScnQPuAaF5KIXLg==
    =PKEC
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)