Format: 1.8
Date: Tue, 12 Apr 2022 21:25:57 -0700
Source: git
Architecture: source
Version: 1:2.35.2-1
Distribution: unstable
Urgency: medium
Maintainer: Jonathan Nieder <jrnieder@gmail.com>
Changed-By: Jonathan Nieder <jrnieder@gmail.com>
Changes:
 git (1:2.35.2-1) unstable; urgency=medium
 .
   * new upstream point release (see RelNotes/2.35.2.txt).
   * Addresses the security issue CVE-2022-24765: Git users might have
     found themselves unexpectedly in a Git worktree, e.g. when another
     user created a repository in `/tmp/.git`, in a mounted network
     drive or in a scratch space. Having a Git-aware prompt that runs
     `git status` (or `git diff`) and navigating to a directory which
     is supposedly not a Git worktree, or opening such a directory in
     an IDE with Git support such as VS Code, could then run commands
     specified by that other user.
 .
     Thanks to 俞晨东 for discovering this vulnerability and Johannes
     Schindelin for the mitigation.