-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 14 Apr 2020 23:25:24 -0400
Source: git
Binary: git git-man git-core git-doc git-arch git-cvs git-svn git-mediawiki git-email git-daemon-run git-daemon-sysvinit git-gui gitk git-el gitweb git-all
Architecture: source amd64 all
Version: 1:2.1.4-2.1+deb8u9
Distribution: jessie-security
Urgency: high
Maintainer: Gerrit Pape <pape@smarden.org>
Changed-By: Roberto C. Sanchez <roberto@debian.org>
Description:
git - fast, scalable, distributed revision control system
git-all - fast, scalable, distributed revision control system (all subpacka
git-arch - fast, scalable, distributed revision control system (arch interop
git-core - fast, scalable, distributed revision control system (obsolete)
git-cvs - fast, scalable, distributed revision control system (cvs interope
git-daemon-run - fast, scalable, distributed revision control system (git-daemon s
git-daemon-sysvinit - fast, scalable, distributed revision control system (git-daemon s
git-doc - fast, scalable, distributed revision control system (documentatio
git-el - fast, scalable, distributed revision control system (emacs suppor
git-email - fast, scalable, distributed revision control system (email add-on
git-gui - fast, scalable, distributed revision control system (GUI)
git-man - fast, scalable, distributed revision control system (manual pages
git-mediawiki - fast, scalable, distributed revision control system (MediaWiki in
git-svn - fast, scalable, distributed revision control system (svn interope
gitk - fast, scalable, distributed revision control system (revision tre
gitweb - fast, scalable, distributed revision control system (web interfac
Changes:
git (1:2.1.4-2.1+deb8u9) jessie-security; urgency=high
.
* Non-maintainer upload by the LTS Team.
* Apply patches from 2.20.3 to address the security issue
CVE-2020-5260.
.
With a crafted URL that contains a newline, the credential
helper machinery can be fooled to supply credential information
for the wrong host. The attack has been made impossible by
forbidding a newline character in any value passed via the
credential protocol.
.
Thanks to Felix Wilhelm of Google Project Zero for finding
this vulnerability and Jeff King for fixing it.
Checksums-Sha1:
c6009b540cd68c9d226fefbe098b4b6397f1973f 2817 git_2.1.4-2.1+deb8u9.dsc
565709b73928fe75d4bc5cc73dc369e008213ffa 528040 git_2.1.4-2.1+deb8u9.debian.tar.xz
dc11f97865a78e9f1b2a4b5e6732c91695720594 3227894 git_2.1.4-2.1+deb8u9_amd64.deb
660dd5f5f204f0293ee990329b811b8c07b73c20 1417312 git-doc_2.1.4-2.1+deb8u9_all.deb
a022e7d24803abe0814c105e1d5f0ebcea119a39 590862 git-arch_2.1.4-2.1+deb8u9_all.deb
476dc796b791770f47e323f9a9d4bf9f499dd308 640532 git-cvs_2.1.4-2.1+deb8u9_all.deb
d46c34e3251c05e0c193c5dc07571797156a4647 664450 git-svn_2.1.4-2.1+deb8u9_all.deb
d96ab5b8d7433bfab0d6d656b157bfe329da8e02 593138 git-mediawiki_2.1.4-2.1+deb8u9_all.deb
e8c013349c1eab4d86d04eee03ffc14e968783d0 579224 git-daemon-run_2.1.4-2.1+deb8u9_all.deb
9557a368379a144042c9389c55c6466a8cab7a63 580308 git-daemon-sysvinit_2.1.4-2.1+deb8u9_all.deb
9cfc8e6e5a337544e801978190f086438f493f53 597142 git-email_2.1.4-2.1+deb8u9_all.deb
da9b3cc766a65b65a03c6d76ee953212f6b3b054 768462 git-gui_2.1.4-2.1+deb8u9_all.deb
1b44161be0b9bbb4369c1a4b7b7cfdd744ead9ee 697428 gitk_2.1.4-2.1+deb8u9_all.deb
f84ef926cab9daf45aca2ae02360229d7c59ad6c 582064 gitweb_2.1.4-2.1+deb8u9_all.deb
7381dee3ebf55998511a3148e47f593fc846aa74 577566 git-all_2.1.4-2.1+deb8u9_all.deb
d4374ea8b89c9884fb57c01ab4d905dd8da7bc07 597306 git-el_2.1.4-2.1+deb8u9_all.deb
fef75fb7be9f76078eb443f82849e0d9828b1ee0 1270422 git-man_2.1.4-2.1+deb8u9_all.deb
6ed825233b419ff349436ca28cba4887e7a6bb2d 1494 git-core_2.1.4-2.1+deb8u9_all.deb
Checksums-Sha256:
66b76ef5b296c76061b4ec0a5c990c58da6917b8d07f5ba05fcbed2ac9e3ae68 2817 git_2.1.4-2.1+deb8u9.dsc
9e68630994676d3fd68ca55c1014114f624ff8cbbdb1d21e789e23ed208610b1 528040 git_2.1.4-2.1+deb8u9.debian.tar.xz
f36b897875fb6e5d4dbbd3109f81a41166edee4a9f637b6fed5dcb40e49e942c 3227894 git_2.1.4-2.1+deb8u9_amd64.deb
4f355d0d2e7321460f171ae0457e37f67e4826fb6c2a807fbdf40a9de15313fd 1417312 git-doc_2.1.4-2.1+deb8u9_all.deb
1b9f8c1e5144a87b271e73c90cf35544552c0eb2f18d07f7d957f7d7bf9779ab 590862 git-arch_2.1.4-2.1+deb8u9_all.deb
1f1c99f888a56756c5ba1ce642c23734392519d3641c4ecf3a5e95c4bc798121 640532 git-cvs_2.1.4-2.1+deb8u9_all.deb
85dccd18a0fe391484d6d22c7027d1f31bbbf67852d5aa8300dd5ba85ec2c2d1 664450 git-svn_2.1.4-2.1+deb8u9_all.deb
7c006db188a5f04232dd52b5df49cbc20e4b9ec6666744977b98ee21d4fa4a29 593138 git-mediawiki_2.1.4-2.1+deb8u9_all.deb
3e097674e22fd3c596ae349852c6e21f79f215cd07ab6a4fc884b56a7538f50c 579224 git-daemon-run_2.1.4-2.1+deb8u9_all.deb
23627df76b0f01ceffe36bdf12f98f35c36a8c1ee4e8feda376a4cd1b3097bec 580308 git-daemon-sysvinit_2.1.4-2.1+deb8u9_all.deb
e234baa177c520e4ac23c504739c606a28906532f90fac5b06ee1b2f3ef68d67 597142 git-email_2.1.4-2.1+deb8u9_all.deb
12747bdbd0953fada708f2e7355382dbace7a2f203c410348b79f288566e98bf 768462 git-gui_2.1.4-2.1+deb8u9_all.deb
b1152f9b4b1b5a52b51472621e98c410ee89c39fb60d3f5e129c765f591de4ca 697428 gitk_2.1.4-2.1+deb8u9_all.deb
37491939de10e48de48a15e88d52fc1383d259c808dfe2f0b48cc170a224d2e7 582064 gitweb_2.1.4-2.1+deb8u9_all.deb
d2323c355deb716d20b78531c27b87c03c9079c3cd2efbd77b9ba905f442035d 577566 git-all_2.1.4-2.1+deb8u9_all.deb
a1b0f118322af4c762da51b3d86eeb5ef5bdd9f448ca475bbd656f0a99c75967 597306 git-el_2.1.4-2.1+deb8u9_all.deb
b69f2bea2b00e0ec88b8539275a4dd64269ea1cf385ec8b00d7c2b54be11c65c 1270422 git-man_2.1.4-2.1+deb8u9_all.deb
f2ed7f2a33480d34d3379c4e151264226a79a4d4e2e02daef9ff5f4691c0216b 1494 git-core_2.1.4-2.1+deb8u9_all.deb
Files:
e0f9f3fd8b073e227593ad8ca5116c97 2817 vcs optional git_2.1.4-2.1+deb8u9.dsc
cd8e32e25b7a59a9da7ab262936735f2 528040 vcs optional git_2.1.4-2.1+deb8u9.debian.tar.xz
7530aae92755ed3335c07dbcbb7540d6 3227894 vcs optional git_2.1.4-2.1+deb8u9_amd64.deb
e73aafba6c1cb290f570fb0b92f91b29 1417312 doc optional git-doc_2.1.4-2.1+deb8u9_all.deb
8d2ddf23cf1a37b79326f53870104e22 590862 vcs optional git-arch_2.1.4-2.1+deb8u9_all.deb
98cafa8e67828a9d2043a403cec942ec 640532 vcs optional git-cvs_2.1.4-2.1+deb8u9_all.deb
cdbd0d0b97e32d61f11eecfb7389be6d 664450 vcs optional git-svn_2.1.4-2.1+deb8u9_all.deb
a12ce09f20db67b4b7227df503f37918 593138 vcs optional git-mediawiki_2.1.4-2.1+deb8u9_all.deb
9088a461ac85c367ccde55b465e8b1be 579224 vcs optional git-daemon-run_2.1.4-2.1+deb8u9_all.deb
b1c5f984dde48daa22b739648fe10910 580308 vcs extra git-daemon-sysvinit_2.1.4-2.1+deb8u9_all.deb
e5c49763d9b2e070e8e634680535b02c 597142 vcs optional git-email_2.1.4-2.1+deb8u9_all.deb
253553929acb5c1f7ba0e1919df03529 768462 vcs optional git-gui_2.1.4-2.1+deb8u9_all.deb
42dc7a48e552569c01b162cbf79a0c1a 697428 vcs optional gitk_2.1.4-2.1+deb8u9_all.deb
d55d4ba7d0052355956029b3b29bae9b 582064 vcs optional gitweb_2.1.4-2.1+deb8u9_all.deb
ec60227899e678e3cb4c296e914e82ee 577566 vcs optional git-all_2.1.4-2.1+deb8u9_all.deb
33adcb0799df77af6df3719fb7b7c712 597306 vcs optional git-el_2.1.4-2.1+deb8u9_all.deb
cfd34f835bb3589ccb11fbc4ee914308 1270422 doc optional git-man_2.1.4-2.1+deb8u9_all.deb
fae971c644aa709994ae8943524f470f 1494 vcs optional git-core_2.1.4-2.1+deb8u9_all.deb
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEIYZ1DR4ae5UL01q7ldFmTdL1kUIFAl6Wgo8ACgkQldFmTdL1
kULRXw//WWuPo+MHijQcQ4FA9S32PZVdtwBZcRiX+V6pPiRQoo77PmaaNJoSFuRn
kVk4MpSi7eO2FmPnUm6vv+yPibUDA9RJkXsyJtBpObqZDD/1Gt1eCGsLp7dlPAMl
WyjXrQ5E2OdlwHcCCol18haYy5wxZ5euGYq06upj19aKeKgxkZN5ERUM/cf0pGry
E5gadjjraYvWNlP3a47fejI9LIKFpv3Tpno/4I4ClWEz49opWj7IY63+QGPZJpKr
ki3xObNlrGV+YygBKFaR4lFTc9Sgw7IGlbfPDsalv1+3vehbLCthJwFJXON1ixBs
YdMLs18YhU/yFi4F6eEcI3GlYJCX3lj9Y7UFamsx+3/dP55mPJnLXzBYxt4HUK4M
1aPuz8LM7CwANgMV3JWboBzK+hXmrTon0tIMECo4pe0g+G2Z9Z1VwKrSJFdSKW53
k5qITIQQCJxLxtTZcwjlSzbJMAnuqz36FogK3//mrBPmhe4YQOhUicsLGoNaazEX
2aGbnhx886ESEAl70dLEKfKvjoHPGLFY+miAppsshu8jBcSa9C2pn3Yk4h0ZqYsY
UHtwrWViLA56DFakBpai6+H7hGU+TsfVaTdXsSorOwcmWyJPKZqdR7ZsN6FYrihy
OToXxlZu4XR9tCZwmdf+cQvmiuKMmIKujICrnk+o/Z+8CtfWJ+8=
=s10w
-----END PGP SIGNATURE-----
