Accepted git 1:2.1.4-2.1+deb8u5 (source amd64 all) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Mon, 25 Sep 2017 12:12:03 -0700
Source: git
Binary: git git-man git-core git-doc git-arch git-cvs git-svn git-mediawiki git-email git-daemon-run git-daemon-sysvinit git-gui gitk git-el gitweb git-all
Architecture: source amd64 all
Version: 1:2.1.4-2.1+deb8u5
Distribution: jessie-security
Urgency: high
Maintainer: Gerrit Pape <pape@smarden.org>
Changed-By: Jonathan Nieder <jrnieder@gmail.com>
Description:
git - fast, scalable, distributed revision control system
git-all - fast, scalable, distributed revision control system (all subpacka
git-arch - fast, scalable, distributed revision control system (arch interop
git-core - fast, scalable, distributed revision control system (obsolete)
git-cvs - fast, scalable, distributed revision control system (cvs interope
git-daemon-run - fast, scalable, distributed revision control system (git-daemon s
git-daemon-sysvinit - fast, scalable, distributed revision control system (git-daemon s
git-doc - fast, scalable, distributed revision control system (documentatio
git-el - fast, scalable, distributed revision control system (emacs suppor
git-email - fast, scalable, distributed revision control system (email add-on
git-gui - fast, scalable, distributed revision control system (GUI)
git-man - fast, scalable, distributed revision control system (manual pages
git-mediawiki - fast, scalable, distributed revision control system (MediaWiki in
git-svn - fast, scalable, distributed revision control system (svn interope
gitk - fast, scalable, distributed revision control system (revision tre
gitweb - fast, scalable, distributed revision control system (web interfac
Changes:
git (1:2.1.4-2.1+deb8u5) jessie-security; urgency=high
.
* Fix remote shell command execution via CVS protocol:
- git-shell: drop cvsserver support by default
- git-cvsserver: harden backtick captures against user input
* Avoid shell command injection in other commands as well:
- git-cvsimport: harden backtick captures against user input
- git-archimport: harden backtick captures against user input
.
Thanks to joernchen of Phenoelit for discovering, reporting, and
fixing this vulnerability, and to Junio C Hamano and Jeff King for
the fixes to related issues.
Checksums-Sha1:
04ef00ade1effd504d85d15bc022cc7761d9d49b 2803 git_2.1.4-2.1+deb8u5.dsc
bc79bf8cb245ae60ca32e56b1eeb41f2fe4a2afb 481960 git_2.1.4-2.1+deb8u5.debian.tar.xz
e005ca10f7ce18190bac93dddd9a06efd52090a0 3693608 git_2.1.4-2.1+deb8u5_amd64.deb
a2335cdca2b817a49a2fc78624ebf79d60892507 1409370 git-doc_2.1.4-2.1+deb8u5_all.deb
a23c5c9b290ebd45756a2446ead388713e562d0d 588854 git-arch_2.1.4-2.1+deb8u5_all.deb
d01965fd90873a009919c3d3cedef58275ec7a71 638610 git-cvs_2.1.4-2.1+deb8u5_all.deb
11e498c512e25d64efa2d2bce3d5cdbb77222650 662532 git-svn_2.1.4-2.1+deb8u5_all.deb
c96c42ca5d3e98d0d5a192ff9c48502c1cf7b7bc 591238 git-mediawiki_2.1.4-2.1+deb8u5_all.deb
d15e23ee478cc64cd3dcdfcb4065fe8c765cfc83 577186 git-daemon-run_2.1.4-2.1+deb8u5_all.deb
2d8c67f12f1b683bf3e2ac05a0c77bd55fbe0cd2 578146 git-daemon-sysvinit_2.1.4-2.1+deb8u5_all.deb
ab98fb9da87353353facee25445d20338b20254e 595186 git-email_2.1.4-2.1+deb8u5_all.deb
9861aa14e7eef52311e15a28b2742b14936b6aa5 766538 git-gui_2.1.4-2.1+deb8u5_all.deb
10c3219ffc4e4deab9bdc7454ee8b4be5dd954ba 695192 gitk_2.1.4-2.1+deb8u5_all.deb
01dec27014a79908f39693433f63c1ccac945e42 580074 gitweb_2.1.4-2.1+deb8u5_all.deb
67a81c1bad46aa9538ce9b094ba4f6068bd3f11c 575500 git-all_2.1.4-2.1+deb8u5_all.deb
bf9b1bceb2f8651b9921301089a7906107fca717 595150 git-el_2.1.4-2.1+deb8u5_all.deb
9a9efe9469981f74c8ab177383fa599c4558264c 1268206 git-man_2.1.4-2.1+deb8u5_all.deb
dc2804abedac52e6de085827ea027bbbd28a92aa 1504 git-core_2.1.4-2.1+deb8u5_all.deb
Checksums-Sha256:
98a91bae8bf614cba4049cb47da1fa76d0639748d431d9241c6a269e5147216f 2803 git_2.1.4-2.1+deb8u5.dsc
c3d39c895fdda768f9bc49ffe39e576b493ad92af81814136074fdc08349642b 481960 git_2.1.4-2.1+deb8u5.debian.tar.xz
b792fc1efe2fe807717a56a8154b0203b6772c39df0ead7c4dd1215194c25324 3693608 git_2.1.4-2.1+deb8u5_amd64.deb
9f300df870de52459cb25e523e7ae64637051427d4e882760ce7818584b63e10 1409370 git-doc_2.1.4-2.1+deb8u5_all.deb
7432c33e6e7b81c8c330cbff589922f8d78821020bcfa80149eafde03e17be33 588854 git-arch_2.1.4-2.1+deb8u5_all.deb
2058c8a0bcf8420846311c9e84825e5c8e9d2225312d3934bf4ea0d27ca4831d 638610 git-cvs_2.1.4-2.1+deb8u5_all.deb
500282706c45f5861160ad05a72b85e2aafc7b45302b3dcb7a5dbdd5054d7d5a 662532 git-svn_2.1.4-2.1+deb8u5_all.deb
20f7d404aae63a4c48b60c45687981b5e6f6b1ca1f6c6ee9ae8b734a9445dcb4 591238 git-mediawiki_2.1.4-2.1+deb8u5_all.deb
9be5a86905a9c94c7f27dd419651e8f1d00ce3bd4beb5b72b0db95cfdfb4c61c 577186 git-daemon-run_2.1.4-2.1+deb8u5_all.deb
52e373a7674f5767618c06e52b239b5197c8f0cc1eb3b8f1506b54191e9da741 578146 git-daemon-sysvinit_2.1.4-2.1+deb8u5_all.deb
e3fbf308c734812a24b1bf7878dea3eb519cdbe1346d1d0880f607328080fba7 595186 git-email_2.1.4-2.1+deb8u5_all.deb
705ef506a91cbfeda477eae4cb923b6a75a59e02c5a280602a2058c4ea5d984b 766538 git-gui_2.1.4-2.1+deb8u5_all.deb
6c708c04ebdec0387d992542899f9e3d56bfd92e7368d9b6f63dc8205cf9f5df 695192 gitk_2.1.4-2.1+deb8u5_all.deb
430697405c4a9972b45c03e974c2a87944034c202b1d16b135c83b132eac1f22 580074 gitweb_2.1.4-2.1+deb8u5_all.deb
1e10ac27d224b46652da88accc642574637ec619a03e01fa07dee33121800f3e 575500 git-all_2.1.4-2.1+deb8u5_all.deb
a09e52af1cae235a6b7784f916b1d5be46e1bd026e800c5bbbd2ef18c9714da9 595150 git-el_2.1.4-2.1+deb8u5_all.deb
e4896b1da467dfa0bab335a189b7d58a6437c37c5adf7f15e7cc864b3baa0bf6 1268206 git-man_2.1.4-2.1+deb8u5_all.deb
59ee04bd0398dc5cfaa46658d2f31680ef48022ee615c97cd33f42f6656d1995 1504 git-core_2.1.4-2.1+deb8u5_all.deb
Files:
c42e28a44a2b32a7bf0628d0399ccc96 2803 vcs optional git_2.1.4-2.1+deb8u5.dsc
68c1067f195ee396cb4d8388fd2196fe 481960 vcs optional git_2.1.4-2.1+deb8u5.debian.tar.xz
a37fd2d3b71c3ab89cbe78c41d3b7376 3693608 vcs optional git_2.1.4-2.1+deb8u5_amd64.deb
e2459183406d5c4405f1393673981565 1409370 doc optional git-doc_2.1.4-2.1+deb8u5_all.deb
be4ad91c645bd7a08f44d630aff199cf 588854 vcs optional git-arch_2.1.4-2.1+deb8u5_all.deb
922eadeecba5056368e18384a4fc32da 638610 vcs optional git-cvs_2.1.4-2.1+deb8u5_all.deb
264c8998ee69ec9343d5adb2d7ec7c07 662532 vcs optional git-svn_2.1.4-2.1+deb8u5_all.deb
ebbcd06f0b2048495ec08cc4f9f8fbc1 591238 vcs optional git-mediawiki_2.1.4-2.1+deb8u5_all.deb
a141a2e011e7a64f08cc1fe162c7a6c2 577186 vcs optional git-daemon-run_2.1.4-2.1+deb8u5_all.deb
93ba408c18872af587032076cb1627e0 578146 vcs extra git-daemon-sysvinit_2.1.4-2.1+deb8u5_all.deb
45609c293dca370c26ada095c6914ee4 595186 vcs optional git-email_2.1.4-2.1+deb8u5_all.deb
53a8cbebdac96c407df4f856e470abe8 766538 vcs optional git-gui_2.1.4-2.1+deb8u5_all.deb
b77dbbdf3f898cf510938218ef9ebe84 695192 vcs optional gitk_2.1.4-2.1+deb8u5_all.deb
2c5589592514367ac87ace7b59ceccfd 580074 vcs optional gitweb_2.1.4-2.1+deb8u5_all.deb
d4d96d29941802ad9301739bf73a0c6e 575500 vcs optional git-all_2.1.4-2.1+deb8u5_all.deb
79a2f119b45f22d059760d16839d888c 595150 vcs optional git-el_2.1.4-2.1+deb8u5_all.deb
e65045b8151d95f0c8f4ad729bc69e5a 1268206 doc optional git-man_2.1.4-2.1+deb8u5_all.deb
514244d4302c1720f202b948fef7ce99 1504 vcs optional git-core_2.1.4-2.1+deb8u5_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCAAGBQJZyVvFAAoJEN/Gce6zM/olQZwP/Anxysaeu9zg33QkiCcMXKYT
kMY4P9itQ/2HydSDUA0hVp6dTufvx1PYF0OkTu3zRSCoe+vi6IbPmFEq0v1Wj/4F
XIMZGMWyWIHnd+YhDjEq5fmRIrhQGq61W3JiDNGAOtyZAxLRYcCWbdYIsvMdioCm
xBKLArbn/G5EaFooPcdq47Sk3Kv2DUArKrqnXdbRAqben2MdtL2xgzCNuQVQ6/ES
x70zM7gIq05PijoqXFj2zZD5esso+RdknXB93YE0TceJfCMzMjryBcscj+s2I0es
AxD+yUTUYjwC46LRxmrLM4nfud6NvTKNZsByYUzTJ6ZdLOACF87i6rDHo4vFDpUO
4GewEO7KTS6YP7X1dyUaIeWdNP3jymMSRHdbRkyoiCa7n3DNdxXCrp814HII70v/
Loiu9R/6po/xFU5Ek6J0VIsFp+gCwfB3JA4JyIy4Usu80GkgM3U2nLTXH7RbvsY8
HSK0ontnyu28Z67VG/pQeRYmG/9m7nF8Y5ouj5IoPmqSR6iEfAymjIWFGRLLK//8
15W0R/rl5HFauqCSOoywDkJGP7AqKqxpEonsc2R6g+lwA4yc2M4F88pxX7tO5S+a
+COuCLIDYhjtJ1FnVqDredEKeBxQVjPZP7aDaQ4A/+2nw9oKc98F3xbjGoVLbaQ6
yVvUuP/DK7H7oclusaoR
=0wI3
-----END PGP SIGNATURE-----