Accepted git 1:2.35.2-1 (source) into unstable
- To: debian-devel-changes@lists.debian.org
- Subject: Accepted git 1:2.35.2-1 (source) into unstable
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Wed, 13 Apr 2022 05:18:53 +0000
- Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ftp-master.debian.org; s=smtpauto.fasolo; h=Date:Message-Id:Subject: Content-Transfer-Encoding:Content-Type:MIME-Version:To:Reply-To:From:Cc: Content-ID:Content-Description:In-Reply-To:References; bh=3NhaJGiMjmXDa9+VmRZyb5Vf0ov3nN5lJXphqBJKfeA=; b=CDPTzGrjrjZLSk7ijWRV3itj98 ZkT+SJCXtBmlEKNzdcbHA96HqBF1XOnlS/B89ON1P9GMw0j0UzGBdHS9JW2DnzS9YCUEPMDhy+9bs uQaNQyL0EFqcG9mK4CM6sYD103SVmI1gcHsMwnXXrHr7DFIgVMXCDvXztb0vOuHRNizWto0YXptDz uv8r8QiW9xeswgVZpRyukJeycdRmdYkR0Zk6U17K0Bh0lSCcrwXlW+7fzjixY1afsK9+STKz4Ai/G Pu/1ra7F4m1BfmuvAJlYKnrybVJDUA4Z0RE6/H1LPli2fYAdBRT46x9+gMqeHHK72WRptYmokzeKU Nla/v6IQ==;
- Mail-followup-to: debian-devel@lists.debian.org
- Message-id: <E1neVP3-0002pl-6L@fasolo.debian.org>
- Reply-to: debian-devel@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Tue, 12 Apr 2022 21:25:57 -0700
Source: git
Architecture: source
Version: 1:2.35.2-1
Distribution: unstable
Urgency: medium
Maintainer: Jonathan Nieder <jrnieder@gmail.com>
Changed-By: Jonathan Nieder <jrnieder@gmail.com>
Changes:
git (1:2.35.2-1) unstable; urgency=medium
.
* new upstream point release (see RelNotes/2.35.2.txt).
* Addresses the security issue CVE-2022-24765: Git users might
have found themselves unexpectedly in a Git worktree, e.g. when
another user created a repository in `/tmp/.git`, in a mounted
network drive or in a scratch space. Having a Git-aware prompt
that runs `git status` (or `git diff`) and navigating to a
directory which is supposedly not a Git worktree, or opening
such a directory in an IDE with Git support such as VS Code,
could then run commands specified by that other user.
.
Thanks to 俞晨东 for discovering this vulnerability and
Johannes Schindelin for the mitigation.
Checksums-Sha1:
134839b5831adc08e9cf75810654cbb828d2d2ad 2825 git_2.35.2-1.dsc
e4668245ccf77cb5640f476a7dc2063467549f4f 6876028 git_2.35.2.orig.tar.xz
bc90c241dae20320211d62354e6c1b6785809ffa 708764 git_2.35.2-1.debian.tar.xz
890b72d6bbe03f36cbc98a078e6a1f5fe708d6db 12005 git_2.35.2-1_amd64.buildinfo
Checksums-Sha256:
d6c6a3047c0bffa9ef116f4ec0524c61862e4d979a411839fd8cb1e72875137e 2825 git_2.35.2-1.dsc
c73d0c4fa5dcebdb2ccc293900952351cc5fb89224bb133c116305f45ae600f3 6876028 git_2.35.2.orig.tar.xz
3b47625eccba3a02a0d404c5290f9c42c356f2bd881d866509cdff7cdfe4f967 708764 git_2.35.2-1.debian.tar.xz
07760a44ece597d5d379a402462b9ca58ea9343cde94653b53ff45e277b82364 12005 git_2.35.2-1_amd64.buildinfo
Files:
f0884cde81b42fa3554c35948135efc8 2825 vcs optional git_2.35.2-1.dsc
1cc1018f34f2b7a54dd93d9cfab0a95d 6876028 vcs optional git_2.35.2.orig.tar.xz
d68d47dd422220b5f62c056a54a06d6b 708764 vcs optional git_2.35.2-1.debian.tar.xz
64d19f69bfb39bed399aca2e2cded9f5 12005 vcs optional git_2.35.2-1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJHBAEBCAAxFiEEUh5Y8X6W1xKqD/EC38Zx7rMz+iUFAmJWV2wTHGpybmllZGVy
QGdtYWlsLmNvbQAKCRDfxnHuszP6JQc/EACggxkAHpBy/BxgByMWzf3OHBEyNFId
xX9FyZuKVNVtuF84jcepj78T0eMjDT+c4x4YhRalwZ3R7d/k1cwxMPBw98JOu0/E
R11gMIx3Gl17+YdLImzMoo7ihILfQawAu15AZAepKQgU8xqdT9u34y/ggyhlsHce
I9NcDb+s0FqEaibzzyJsHtDlHZ00glS1CnczevCDR+xKJn/+YRyWnK8PT/cntGnR
eWRRfd+cCcoXuOqO4xlcJgy2YG/yAFuOtL1mvJQJL2wfaN9vL7SBXGn6D5NFWAWB
NzAO/ifvHkE5A8/3EurJsZXNpfK57ysqpQG9Md6s/5dTDhkEIlAMtLFNUXC8ZLW6
naXWb3250OO7HsMdOshnMWEtN8EXluiqyZ7bLd0s7U6lw44VavJ/VK7b/OrvlWYD
LN9xU8Mv2X5lOeLo9IQaZwUslUewgYldpTBEaJYlURC0rsZ08tpRTalizCIDDQ9K
+qFd08iQL7cUFiNMJlleo9IgC6TRvqIWfLDUJgRjHFBZ5zf+vXTe5uFKxDQxYHGf
8LDfkP06KLkxQkRf29oe5N82xvn7Nw+T2QOJrj8uiFXkx/JU0HrkfFZthAL9rHot
o4M3iyN89ahtocdgXtMD73OW/hxPE8pTEBP4AsoolPutDcYAA3M9fIheddjBanZ7
eWtfN5uTNepuSA==
=xwBz
-----END PGP SIGNATURE-----