Format: 1.8
Date: Thu, 26 Jan 2023 22:59:15 +0800
Source: git
Architecture: source
Version: 1:2.30.2-1+deb11u1
Distribution: bullseye-security
Urgency: high
Maintainer: Jonathan Nieder <jrnieder@gmail.com>
Changed-By: Aron Xu <aron@debian.org>
Changes:
 git (1:2.30.2-1+deb11u1) bullseye-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * CVE-2022-23521: multiple integer overflows while parsing gitattributes
   * CVE-2022-24765: owner check for the top-level directory to avoid
     discovering a repository in a directory that is owned by someone other
     than the current user, which may lead to arbitrary command execution
   * CVE-2022-29187: code execution and privilege escalation when the
     repository directory and gitdir have different ownership
   * CVE-2022-39253: exposure of sensitive information while performing
     local clone from malicious repository
   * CVE-2022-39260: integer overflow and out-of-bounds array reads/writes
     in git shell's command line input processing
   * CVE-2022-41903: integer overflow in commit formatting machinery
Checksums-Sha1:
 c89c0b4242dddef6142dd6c7cdcd8b9b825ea346 2525 git_2.30.2-1+deb11u1.dsc
 76b3118428fe59dd95bf4fa918244a8396f32bea 6329820 git_2.30.2.orig.tar.xz
 7c557113b6243d322cd230abebaf001f35f27ba8 692344 git_2.30.2-1+deb11u1.debian.tar.xz
 dc6264da4c13cdde72c6098b808118f4df854978 7429 git_2.30.2-1+deb11u1_source.buildinfo
Checksums-Sha256:
 1d3c0316e32555fa14bb2af6379eb5b9442343162797c67f6e2616effca47663 2525 git_2.30.2-1+deb11u1.dsc
 41f7d90c71f9476cd387673fcb10ce09ccbed67332436a4cc58d7af32c355faa 6329820 git_2.30.2.orig.tar.xz
 ca4b7d68338a9c61a322294ea2d7fc52669e47b4904e1f694c6094acfcbc6037 692344 git_2.30.2-1+deb11u1.debian.tar.xz
 016d1af7516e21ad8e71e1966343f88198c160ec2d57ecd1710d3f08821b8a96 7429 git_2.30.2-1+deb11u1_source.buildinfo
Files:
 885681b636fa063b14260cba80de23b6 2525 vcs optional git_2.30.2-1+deb11u1.dsc
 53f3e1424598cd24eaf78588bcf90816 6329820 vcs optional git_2.30.2.orig.tar.xz
 d5211b41ecf85df86e319ce3e5116d05 692344 vcs optional git_2.30.2-1+deb11u1.debian.tar.xz
 20c1d6599b2d1a37277cd5c80c95efc9 7429 vcs optional git_2.30.2-1+deb11u1_source.buildinfo