Format: 1.8
Date: Sun, 12 Apr 2020 00:24:43 -0700
Source: git
Binary: git git-all git-cvs git-daemon-run git-daemon-sysvinit git-dbgsym git-doc git-el git-email git-gui git-man git-mediawiki git-svn gitk gitweb
Architecture: source all amd64
Version: 1:2.20.1-2+deb10u2
Distribution: buster-security
Urgency: high
Maintainer: Gerrit Pape <pape@smarden.org>
Changed-By: Jonathan Nieder <jrnieder@gmail.com>
Description:
 git - fast, scalable, distributed revision control system
 git-all - fast, scalable, distributed revision control system (all subpacka
 git-cvs - fast, scalable, distributed revision control system (cvs interope
 git-daemon-run - fast, scalable, distributed revision control system (git-daemon s
 git-daemon-sysvinit - fast, scalable, distributed revision control system (git-daemon s
 git-doc - fast, scalable, distributed revision control system (documentatio
 git-el - fast, scalable, distributed revision control system (emacs suppor
 git-email - fast, scalable, distributed revision control system (email add-on
 git-gui - fast, scalable, distributed revision control system (GUI)
 git-man - fast, scalable, distributed revision control system (manual pages
 git-mediawiki - fast, scalable, distributed revision control system (MediaWiki re
 git-svn - fast, scalable, distributed revision control system (svn interope
 gitk - fast, scalable, distributed revision control system (revision tre
 gitweb - fast, scalable, distributed revision control system (web interfac
Changes:
 git (1:2.20.1-2+deb10u2) buster-security; urgency=high
 .
   [ Salvatore Bonaccorso ]
   * new upstream point release (see RelNotes/2.20.3.txt).
   * Addresses the security issue CVE-2020-5260.
 .
   With a crafted URL that contains a newline, the credential helper
   machinery can be fooled to supply credential information for the
   wrong host. The attack has been made impossible by forbidding a
   newline character in any value passed via the credential protocol.
 .
   Thanks to Felix Wilhelm of Google Project Zero for finding this
   vulnerability and Jeff King for fixing it.