-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Thu, 26 Jan 2023 22:59:15 +0800
Source: git
Architecture: source
Version: 1:2.30.2-1+deb11u1
Distribution: bullseye-security
Urgency: high
Maintainer: Jonathan Nieder <
jrnieder@gmail.com>
Changed-By: Aron Xu <
aron@debian.org>
Changes:
git (1:2.30.2-1+deb11u1) bullseye-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* CVE-2022-23521: multiple integer overflows while parsing gitattributes
* CVE-2022-24765: owner check for the top-level directory to avoid
discovering a repository in a directory that is owned by someone other
than the current user, which may lead to arbitary command execution
* CVE-2022-29187: code execution and privilege escalation when the
repository directory and gitdir have different ownership
* CVE-2022-39253: exposure of sensitive information while performing local
clone from malicious repository
* CVE-2022-39260: integer overflow and out-of-bouns array reads/writes in
git shell's command line input processing
* CVE-2022-41903: integer overflow in commit formatting machinery Checksums-Sha1:
c89c0b4242dddef6142dd6c7cdcd8b9b825ea346 2525 git_2.30.2-1+deb11u1.dsc
76b3118428fe59dd95bf4fa918244a8396f32bea 6329820 git_2.30.2.orig.tar.xz
7c557113b6243d322cd230abebaf001f35f27ba8 692344 git_2.30.2-1+deb11u1.debian.tar.xz
dc6264da4c13cdde72c6098b808118f4df854978 7429 git_2.30.2-1+deb11u1_source.buildinfo
Checksums-Sha256:
1d3c0316e32555fa14bb2af6379eb5b9442343162797c67f6e2616effca47663 2525 git_2.30.2-1+deb11u1.dsc
41f7d90c71f9476cd387673fcb10ce09ccbed67332436a4cc58d7af32c355faa 6329820 git_2.30.2.orig.tar.xz
ca4b7d68338a9c61a322294ea2d7fc52669e47b4904e1f694c6094acfcbc6037 692344 git_2.30.2-1+deb11u1.debian.tar.xz
016d1af7516e21ad8e71e1966343f88198c160ec2d57ecd1710d3f08821b8a96 7429 git_2.30.2-1+deb11u1_source.buildinfo
Files:
885681b636fa063b14260cba80de23b6 2525 vcs optional git_2.30.2-1+deb11u1.dsc
53f3e1424598cd24eaf78588bcf90816 6329820 vcs optional git_2.30.2.orig.tar.xz
d5211b41ecf85df86e319ce3e5116d05 692344 vcs optional git_2.30.2-1+deb11u1.debian.tar.xz
20c1d6599b2d1a37277cd5c80c95efc9 7429 vcs optional git_2.30.2-1+deb11u1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQEzBAEBCAAdFiEEhhz+aYQl/Bp4OTA7O1LKKgqv2VQFAmPWDoUACgkQO1LKKgqv 2VQBdwf/dHzEpxb9gCNUOZlqOoQLuGz3NhKDrLG4DE7snBLqIGxgUTdXIVoEPWZd hMwVW36vSoLLVFBk9fmQn8e87FCif9OlWHpSyT0cY6OZksebVoz8itQ+1QlGuyvR wMlhab7/dbJRcoG6iUSQOJhFvJaqg6bpDVqjM9AV/eaGMUR2Efz509kpmz9YB2Zb NamXFduo1FVylDuuRS68RN+qeFlVpHx5tDTaX1OuqOiOhM6CU0+EK6/mHocBJMGT NK5vc9+qo5M+UL2SF9dAjLAgNz5zSO+tsdGGtI689JV9MnZYGFnwQ0OrV25uF6uX cDZXXEkoDYYEtNIScnQPuAaF5KIXLg==
=PKEC
-----END PGP SIGNATURE-----
--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)