Debian Package Tracker

From: Jonathan Nieder <jrnieder@gmail.com>
To: <debian-devel-changes@lists.debian.org>
Subject: Accepted git 1:2.24.0-2 (source) into unstable
Date: Tue, 10 Dec 2019 18:50:26 +0000
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 09 Dec 2019 06:20:25 +0000
Source: git
Architecture: source
Version: 1:2.24.0-2
Distribution: unstable
Urgency: high
Maintainer: Gerrit Pape <pape@smarden.org>
Changed-By: Jonathan Nieder <jrnieder@gmail.com>
Changes:
 git (1:2.24.0-2) unstable; urgency=high
 .
   * new upstream point release (see RelNotes/2.24.1.txt).
     * Addresses the security issues CVE-2019-1348, CVE-2019-1349,
       CVE-2019-1350, CVE-2019-1351, CVE-2019-1352, CVE-2019-1353,
       CVE-2019-1354, and CVE-2019-1387.
 .
       Credit for finding these vulnerabilities goes to Microsoft
       Security Response Center, in particular to Nicolas Joly. Fixes
       were provided by Jeff King and Johannes Schindelin with help
       from Garima Singh.
 .
     * Addresses CVE-2019-19604, arbitrary code execution via the
       "update" field in .gitmodules.
 .
       Credit for finding this vulnerability goes to Joern
       Schneeweisz from GitLab.
Checksums-Sha1:
 1d3e1d89cfa7b02f67592b45ff253ba693824bd3 2891 git_2.24.0-2.dsc
 cf373428800298920e61795486504f6486808333 664016 git_2.24.0-2.debian.tar.xz
 864db24a9dcfd164b140f7907d0a9915230fd63f 12016 git_2.24.0-2_amd64.buildinfo
Checksums-Sha256:
 882d0e6dbe62782b47efb7819ec5593e6122e356a1bf43967758fb4bd3c6de2f 2891 git_2.24.0-2.dsc
 b9269fc9a2f4851a482df5529cfa5399b4827bc7ab89154aaa9f31017ee64af1 664016 git_2.24.0-2.debian.tar.xz
 d988b34a60bac3470606e15bb08decd81c9c3076d2c6d7e14d3b8cfacf5262fd 12016 git_2.24.0-2_amd64.buildinfo
Files:
 2088f42f4a27db1ee7674ece9efac3c7 2891 vcs optional git_2.24.0-2.dsc
 6e78051e8455911d24906d921452e829 664016 vcs optional git_2.24.0-2.debian.tar.xz
 e18debd0a0230923f5e87f3a27d0de92 12016 vcs optional git_2.24.0-2_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJHBAEBCAAxFiEEUh5Y8X6W1xKqD/EC38Zx7rMz+iUFAl3v46gTHGpybmllZGVy
QGdtYWlsLmNvbQAKCRDfxnHuszP6JU55D/45DornrFkvx/m4aabIgAbTn/xKVBAg
3UAeozYt4mutLE4ic9qC94CmRQTF2Za7QOTIm9V8fHiNL1lGxyEn2GKwbhXQwbPo
HsGh7p8YIS4IRzD+0RYlyGE5i3zemBdYj7b9AQE1Sqk5W51VPXMLRxBLJl8yIy3c
pyRrWFcaG21lpQUXEjF7Vgupav79kQzPzAWtmazGkmLgdddS1SyVl73fN4TAl+j6
kjfCVczUQP5jKWYV8xdiGZhWfBQ5XdT5FW1VdEQXmv1AUyi6Ybti02xSylb65v2K
gtu5rvufYxifAm8BcFk4uSm1NeL9petn/+awH0s7sR0XwFnT8QSlDgc3O3/CpcWu
j8na7A2mUlN9fBJZANCFFYngFitZsRnyf2A/T4xKLL2xdYnywJMsgfVby+OP6NeN
MTv65sPcNqLJb6czjzPhGfoJ0lKys+W4g16VhvWVoqllaunMDr+R4oJapm6d9Kw0
nO+H6/vNDGhY5/cZXK2Y3HmTZbQ+bugfMxtOqlTBxehkyunFnid9b6ItbXMOXvu5
UCSent7H80YNZSh2PLACE3c/Fuh94YuJdLTNlZjNS4CpMUhsuydjHftYr6ibbhvD
BHAHdxpKTHjrAaknxzyPG+vlyv1houR+qlUxN53dMP2KCxgsXQTDurJC75bDGLNx
8OMhYHCCUQzhyA==
=31WW
-----END PGP SIGNATURE-----
News for package git
