Accepted git 1:2.30.2-1+deb11u1 (source) into proposed-updates
- To: debian-changes@lists.debian.org
- Subject: Accepted git 1:2.30.2-1+deb11u1 (source) into proposed-updates
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Tue, 31 Jan 2023 17:47:38 +0000
- Debian: DAK
- Debian-architecture: source
- Debian-archive-action: accept
- Debian-changes: git_2.30.2-1+deb11u1_source.changes
- Debian-source: git
- Debian-suite: proposed-updates
- Debian-version: 1:2.30.2-1+deb11u1
- Mail-followup-to: debian-devel@lists.debian.org
- Message-id: <E1pMujK-002rkd-Oz@fasolo.debian.org>
- Reply-to: debian-devel@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Thu, 26 Jan 2023 22:59:15 +0800
Source: git
Architecture: source
Version: 1:2.30.2-1+deb11u1
Distribution: bullseye-security
Urgency: high
Maintainer: Jonathan Nieder <jrnieder@gmail.com>
Changed-By: Aron Xu <aron@debian.org>
Changes:
git (1:2.30.2-1+deb11u1) bullseye-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* CVE-2022-23521: multiple integer overflows while parsing gitattributes
* CVE-2022-24765: owner check for the top-level directory to avoid
discovering a repository in a directory that is owned by someone other
than the current user, which may lead to arbitrary command execution
* CVE-2022-29187: code execution and privilege escalation when the
repository directory and gitdir have different ownership
* CVE-2022-39253: exposure of sensitive information while performing local
clone from malicious repository
* CVE-2022-39260: integer overflow and out-of-bounds array reads/writes in
git shell's command line input processing
* CVE-2022-41903: integer overflow in commit formatting machinery
Checksums-Sha1:
c89c0b4242dddef6142dd6c7cdcd8b9b825ea346 2525 git_2.30.2-1+deb11u1.dsc
76b3118428fe59dd95bf4fa918244a8396f32bea 6329820 git_2.30.2.orig.tar.xz
7c557113b6243d322cd230abebaf001f35f27ba8 692344 git_2.30.2-1+deb11u1.debian.tar.xz
dc6264da4c13cdde72c6098b808118f4df854978 7429 git_2.30.2-1+deb11u1_source.buildinfo
Checksums-Sha256:
1d3c0316e32555fa14bb2af6379eb5b9442343162797c67f6e2616effca47663 2525 git_2.30.2-1+deb11u1.dsc
41f7d90c71f9476cd387673fcb10ce09ccbed67332436a4cc58d7af32c355faa 6329820 git_2.30.2.orig.tar.xz
ca4b7d68338a9c61a322294ea2d7fc52669e47b4904e1f694c6094acfcbc6037 692344 git_2.30.2-1+deb11u1.debian.tar.xz
016d1af7516e21ad8e71e1966343f88198c160ec2d57ecd1710d3f08821b8a96 7429 git_2.30.2-1+deb11u1_source.buildinfo
Files:
885681b636fa063b14260cba80de23b6 2525 vcs optional git_2.30.2-1+deb11u1.dsc
53f3e1424598cd24eaf78588bcf90816 6329820 vcs optional git_2.30.2.orig.tar.xz
d5211b41ecf85df86e319ce3e5116d05 692344 vcs optional git_2.30.2-1+deb11u1.debian.tar.xz
20c1d6599b2d1a37277cd5c80c95efc9 7429 vcs optional git_2.30.2-1+deb11u1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----