Format: 1.8
Date: Fri, 20 Jan 2023 16:55:56 CET
Source: powerline-gitstatus
Architecture: source
Version: 1.3.2-0+deb10u1
Distribution: buster-security
Urgency: high
Maintainer: Python Applications Packaging Team <python-apps-team@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Checksums-Sha1:
 b15b3d72ec8df8725736d022fb1ce916941e4b23 2517 powerline-gitstatus_1.3.2-0+deb10u1.dsc
 5272e44082be3d5f8f21c2341b925ea4eb617831 18907 powerline-gitstatus_1.3.2.orig.tar.gz
 f637ed84754ec03390ba03b78f8a635fb0d5297d 4136 powerline-gitstatus_1.3.2-0+deb10u1.debian.tar.xz
 a0b48e29c2c2d230b25ecac85eb16ffe3cfec351 6865 powerline-gitstatus_1.3.2-0+deb10u1_amd64.buildinfo
Checksums-Sha256:
 ed9fac510c53b4b2f718e3f9be3f26b39601ac8b7c995499d73b7943d7e4e3ff 2517 powerline-gitstatus_1.3.2-0+deb10u1.dsc
 1d4a0ef1eafa6ac9d28981e2f27948c9b347d43549e075ae8fdc4406ace56cc6 18907 powerline-gitstatus_1.3.2.orig.tar.gz
 fb8815f08e2c530200cdd2908c930b554b7f996a78a1d86831a525118cde9b7d 4136 powerline-gitstatus_1.3.2-0+deb10u1.debian.tar.xz
 9a34f4ada75807d8f9adf0a84edd1559ade12f07c8bd6abf8f18a0500d4e7fb6 6865 powerline-gitstatus_1.3.2-0+deb10u1_amd64.buildinfo
Changes:
 powerline-gitstatus (1.3.2-0+deb10u1) buster-security; urgency=high
 .
   * Non-maintainer upload by the LTS team.
   * Fix CVE-2022-42906:
     Powerline Gitstatus, a statusline plugin for the VIM editor, allows
     arbitrary code execution. Git repositories can contain per-repository
     configuration that changes the behavior of git, including running
     arbitrary commands. When using powerline-gitstatus, changing to a
     directory automatically runs git commands in order to display
     information about the current repository in the prompt. If an attacker
     can convince a user to change their current directory to one controlled
     by the attacker, such as in a shared filesystem or extracted archive,
     powerline-gitstatus will run arbitrary commands under the attacker's
     control.
Files:
 0698a37f189aedda4f5c6db9b6469bed 2517 python optional powerline-gitstatus_1.3.2-0+deb10u1.dsc
 865693f6f80562330ddd9fca878f1d56 18907 python optional powerline-gitstatus_1.3.2.orig.tar.gz
 f4cd6072d0bb05c36eee7d9a67e8f176 4136 python optional powerline-gitstatus_1.3.2-0+deb10u1.debian.tar.xz
 0f63db1eec7d1708a1fd748882f2b8a7 6865 python optional powerline-gitstatus_1.3.2-0+deb10u1_amd64.buildinfo