Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-devel-changes@lists.debian.org>
Subject: Accepted git 1:2.26.1-1 (source) into unstable
Date: Tue, 14 Apr 2020 18:49:00 +0000
Signed by: Jonathan Nieder <jrnieder@gmail.com>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 14 Apr 2020 10:29:38 -0700
Source: git
Architecture: source
Version: 1:2.26.1-1
Distribution: unstable
Urgency: high
Maintainer: Jonathan Nieder <jrnieder@gmail.com>
Changed-By: Jonathan Nieder <jrnieder@gmail.com>
Changes:
 git (1:2.26.1-1) unstable; urgency=high
 .
   * new upstream point release (see RelNotes/2.26.1.txt).
     * Addresses the security issue CVE-2020-5260.
 .
       With a crafted URL that contains a newline, the credential
       helper machinery can be fooled to supply credential information
       for the wrong host.  The attack has been made impossible by
       forbidding a newline character in any value passed via the
       credential protocol.
 .
       Thanks to Felix Wilhelm of Google Project Zero for finding
       this vulnerability and Jeff King for fixing it.
Checksums-Sha1:
 666eeea45bf8a95d91daf017e6959bd6e1e0041f 2860 git_2.26.1-1.dsc
 9ec4ef53d157cb376aaedc0ca529d3857c3f8bf6 6006104 git_2.26.1.orig.tar.xz
 a2cc8fda6f1c3b1ffb5045298fd31fc226102324 646124 git_2.26.1-1.debian.tar.xz
 863c9e45c9853a2ffb65cac2eb75d25d200a0892 12103 git_2.26.1-1_amd64.buildinfo
Checksums-Sha256:
 15f08a650808a188e996302aabc9668d906498919b02508110f6343e581a0d7e 2860 git_2.26.1-1.dsc
 888228408f254634330234df3cece734d190ef6381063821f31ec020538f0368 6006104 git_2.26.1.orig.tar.xz
 986608f95e65f719a429ada5954f6fa6ca90d8243f6dbdefeade2d8411033d3d 646124 git_2.26.1-1.debian.tar.xz
 cf827b04a7e3ff6fd25257e2c467b03b9e646b9b4aec7ec903380e98f0ad7664 12103 git_2.26.1-1_amd64.buildinfo
Files:
 726b2b329c8e27b82810e8e72f010786 2860 vcs optional git_2.26.1-1.dsc
 50e68aaebbb554f4946d170a2765bfe7 6006104 vcs optional git_2.26.1.orig.tar.xz
 d96147752d87af1ca90532be40b8f5c1 646124 vcs optional git_2.26.1-1.debian.tar.xz
 beb0f91ceff24f62b0c0cb6d6bbe24d4 12103 vcs optional git_2.26.1-1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJHBAEBCAAxFiEEUh5Y8X6W1xKqD/EC38Zx7rMz+iUFAl6WAIkTHGpybmllZGVy
QGdtYWlsLmNvbQAKCRDfxnHuszP6JajEEACofH4zYgWWGjQCmstnqrPkBINn1Cy2
lXHMIC6UE17X2M/DuFR0pK7/OsvQeaxtiqr0T+MOzChlJ7IQuWOgQDjbiQE9Xbyx
9wdi/pHuEvDG2mjl8zPh3f+3oHMFFpPm0uhbUcfA57SOKImu+ZEJhaZlzF/kE4UM
s/Fl9ZxQilHyLgPlyIwj0rZacuCkyX6lst6F7HgATY1Kiagdi4MGUIjv7+SYMokn
DmbmlJ6MLAEeE3fjJ9JEegDH3l5XIeHX7cKSq6jZWsgwudU9GAMLCZFigxYH2iV0
QZD8ICO/1nJsyxeJBRcKb4voNKAgLQ1Rlx8SvWTLv8xgHLIv8tkRPRImi5A1nX3o
tRoaLy+6bIujkhBZTBYz04OVkVI0kpZe1Gv+qeg7cZFGLuiCbKFbU9bhYdkA6ruM
ZqvreqHgs5nu+L1JPCunzZU1s8QwFvjHFePsyuqmCj+e8NzX/CM+2QaLYWrhxBXk
lxQ1qioVSkknhDExcyoN/If3I1rYaZWLYPoAl5KMpKYPjB4BUQx/B6KMYd16fNzl
QXKuKYMBahA4ssDvcHEFWZU/ez63qnBnVqa1jrDzxiVyzRBQdnDyyBXHSQpSYoDG
jowCv1LOqi2b0bP9/dgn2ZMXWQWmlRBRE8cDPshHvq+OdVJWiOl1yTLmqlAJFAAC
aOSeN4pbaBh4rA==
=KkyZ
-----END PGP SIGNATURE-----
News for package git
