Format: 1.8
Date: Tue, 10 Dec 2019 08:14:58 +0000
Source: git
Binary: git git-man git-core git-doc git-arch git-cvs git-svn git-mediawiki git-email git-daemon-run git-daemon-sysvinit git-gui gitk git-el gitweb git-all
Architecture: source all amd64
Version: 1:2.11.0-3+deb9u5
Distribution: stretch-security
Urgency: high
Maintainer: Gerrit Pape <pape@smarden.org>
Changed-By: Jonathan Nieder <jrnieder@gmail.com>
Description:
 git - fast, scalable, distributed revision control system
 git-all - fast, scalable, distributed revision control system (all subpacka
 git-arch - fast, scalable, distributed revision control system (arch interop
 git-core - fast, scalable, distributed revision control system (obsolete)
 git-cvs - fast, scalable, distributed revision control system (cvs interope
 git-daemon-run - fast, scalable, distributed revision control system (git-daemon s
 git-daemon-sysvinit - fast, scalable, distributed revision control system (git-daemon s
 git-doc - fast, scalable, distributed revision control system (documentatio
 git-el - fast, scalable, distributed revision control system (emacs suppor
 git-email - fast, scalable, distributed revision control system (email add-on
 git-gui - fast, scalable, distributed revision control system (GUI)
 git-man - fast, scalable, distributed revision control system (manual pages
 git-mediawiki - fast, scalable, distributed revision control system (MediaWiki re
 git-svn - fast, scalable, distributed revision control system (svn interope
 gitk - fast, scalable, distributed revision control system (revision tre
 gitweb - fast, scalable, distributed revision control system (web interfac
Changes:
 git (1:2.11.0-3+deb9u5) stretch-security; urgency=high
 .
   * Apply patches addressing the security issues CVE-2019-1348,
     CVE-2019-1349, CVE-2019-1352, CVE-2019-1353, and CVE-2019-1387.
 .
     Credit for finding these vulnerabilities goes to Microsoft
     Security Response Center, in particular to Nicolas Joly.
     Fixes were provided by Jeff King and Johannes Schindelin with
     help from Garima Singh.
 .
   * Reject setting "update = !command" in .gitmodules.  This makes
     the behavior better match Git 2.24.1 which made the same change
     to address the arbitrary code execution issue CVE-2019-19604
     (which does not affect Git versions before 2.20.0).
 .
     Also reject "update = !command" in fsck.  This ensures that if
     Git is run as a server with "transfer.fsckObjects" enabled, it
     cannot be used to attack clients vulnerable to CVE-2019-19604.
 .
     Credit for finding this vulnerability goes to Joern Schneeweisz
     from GitLab.