Back to python-git PTS page

Accepted python-git 2.1.11-1+deb10u1 (source) into oldoldstable

To: debian-lts-changes@lists.debian.org, dispatch@tracker.debian.org
Subject: Accepted python-git 2.1.11-1+deb10u1 (source) into oldoldstable
From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
Date: Mon, 24 Jul 2023 21:35:00 +0000
Debian: DAK
Debian-architecture: source
Debian-archive-action: accept
Debian-changes: python-git_2.1.11-1+deb10u1_source.changes
Debian-source: python-git
Debian-suite: oldoldstable
Debian-version: 2.1.11-1+deb10u1
Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ftp-master.debian.org; s=smtpauto.seger; h=Date:Message-Id: Content-Transfer-Encoding:Content-Type:Subject:MIME-Version:To:Reply-To:From: Cc:Content-ID:Content-Description:In-Reply-To:References; bh=Hs7zrFUszXGXQn6GtIZiBp3BU4gizR+ExEFxTrNTkzQ=; b=A+ziX5mkJpQFiF8m7Hm+kXaRNs KfO14Vce2YNVwc92+ZXoX1/f03gQB3Uo9s0++8lIuEeqY/Uj/m3ZNfW6Np7YXe2uC8D9F9cbQKNqI DA792R8MQ48TncORbD6PUtlu+Y1FG2sBCgEAmjT6NLgwEQNPUMoeEaJALsJ+P7PvMCKs8QMA8/zF9 SGy/XHoKhe1pw4acI1LJ9SqA6JjCG1QnBJY9xLID+AxAou1Wv42cjnViBlXYaZquIgIaVA0KK0AlF IKHPYu8pmvFs5wKZ8678MkZuk3rL4MJFxmE5tkNyD7jZmKhJqLBk807n0sf0vucEJraVW1rVttx0s LYBTPy/Q==;
Mail-followup-to: debian-lts@lists.debian.org
Message-id: <E1qO3Cm-00GZPJ-Gz@seger.debian.org>
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 24 Jul 2023 11:08:59 +0200
Source: python-git
Architecture: source
Version: 2.1.11-1+deb10u1
Distribution: buster-security
Urgency: high
Maintainer: Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>
Changed-By: Sylvain Beucler <beuc@debian.org>
Closes: 1027163
Changes:
 python-git (2.1.11-1+deb10u1) buster-security; urgency=high
 .
   * Non-maintainer upload by the LTS Security Team.
   * CVE-2022-24439: Remote Code Execution (RCE) due to improper user input
     validation, which makes it possible to inject a maliciously crafted
     remote URL into the clone command. Exploiting this vulnerability is
     possible because the library makes external calls to git without
     sufficient sanitization of input arguments. (Closes: #1027163)
   * [CVE pending] Follow-up fix for CVE-2022-24439.
Checksums-Sha1:
 53147cda152605cfd17217f09fc5058c89973dca 2459 python-git_2.1.11-1+deb10u1.dsc
 ce688b7680625d1417feafd94b79312c2750020c 428531 python-git_2.1.11.orig.tar.gz
 c38a90021ff59355d518fee1f6e9ef2b1db69573 14112 python-git_2.1.11-1+deb10u1.debian.tar.xz
 c7d92395e23468805263689fa44ce4023e7642eb 9088 python-git_2.1.11-1+deb10u1_all.buildinfo
Checksums-Sha256:
 23cf0eed3bd11b2292d1d00e45e7359e3eda86f14d7fc95ac52cdbc41295664e 2459 python-git_2.1.11-1+deb10u1.dsc
 8237dc5bfd6f1366abeee5624111b9d6879393d84745a507de0fda86043b65a8 428531 python-git_2.1.11.orig.tar.gz
 5d98fbe12402c921aa54b6f3e3c493caaddb19de599bc40ff9a9ac2ba52b54e7 14112 python-git_2.1.11-1+deb10u1.debian.tar.xz
 665b864f11ad0eb233cf750d89c58a98af229365257dda3127867373455e0722 9088 python-git_2.1.11-1+deb10u1_all.buildinfo
Files:
 a3c773074b24a6c9a78c1e67311f6899 2459 python optional python-git_2.1.11-1+deb10u1.dsc
 cee43a39a1468084d49d1c49fb675204 428531 python optional python-git_2.1.11.orig.tar.gz
 a7c2dabd5c05101a0d6a7ef9d41a72b8 14112 python optional python-git_2.1.11-1+deb10u1.debian.tar.xz
 189f350118d823674d36ec3f92478203 9088 python optional python-git_2.1.11-1+deb10u1_all.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE1vEOfV7HXWKqBieIDTl9HeUlXjAFAmS+yMoACgkQDTl9HeUl
XjCmZw/9E2a/qUNDNicVGPy5avxOTp4fif/TBvbHdLz0fwZdWslVBHyHvAwbzsRn
5OLHuIqNokQgVN44yMAsldAppyCB4HUwVjufnDlEe+ycYnt+o+P2D+flU6iAAY+m
cS4sZg6wHBpaJiPaa7GOP28rf3RuzDJKVubdOWX2zesR4REnBvdSc34O4K4NwB4d
wbIxhIXmDXSokBerxv5ISPzTN5ym6D8gNLX1Z/VOb+OD60HOrjwY13qXsJbNKiGL
jj8jZaCtRVN4nUWSntQ8+rffLi8x+ufmJ6Ej2Y0+hpwtriacOWOw2kFsMDK25+b+
xOSIzoWq/EwdaoWkD3rif6nWcsVCIbVPwi1GMG9wq7pJAuGDt+0/vdcF/30tnyZc
ldKTu5nTRAyiURq8NV/ofCifNUw9BV8vSYDb07OMICAjf9tPP3VdEG1p9yVeVyEL
cHcLp0srhbRdj7kgKQzkXHevr7bC2o6x7xgqt3GcmQ5Oi0phxD9CTinH3sdHxm3e
BwRinbgxcuFIH8GqpQXzJVuOArDwAmWE2l/UDiCETCJkA1fNcgJkR2GbosIasjk2
5Z66dth+ECEHXkESFu+kzXSb/BYGrMueKy70x7aRklT7bUEZFLDSWIf0RspcWZLP
rWPosXSR1KthnfFxVn3INz71HBVn2VmPGEIFtSgJxkuQQsG8lcE=
=jumt
-----END PGP SIGNATURE-----