-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Wed, 22 Feb 2023 17:51:09 +0800 Source: git Architecture: source Version: 1:2.30.2-1+deb11u2 Distribution: bullseye-security Urgency: high Maintainer: Jonathan Nieder <jrnieder@gmail.com> Changed-By: Aron Xu <aron@debian.org> Changes: git (1:2.30.2-1+deb11u2) bullseye-security; urgency=high . * Non-maintainer upload by the Security Team. * CVE-2023-22490: data exfiltration while performing local clone from malicious repository * CVE-2023-23946: path traversal vulnerbility in git-apply that a path outside the working tree can be overwritten as the acting user Checksums-Sha1: d70cf7b6d7911420705654d67c905be7a625bfbd 2525 git_2.30.2-1+deb11u2.dsc edacf69b3db1153a083dde7c4f4e58d567a9290b 698392 git_2.30.2-1+deb11u2.debian.tar.xz 4ab4bcb5f3fdd6625b44b1cedc22c091ac01ade7 7429 git_2.30.2-1+deb11u2_source.buildinfo Checksums-Sha256: 81c919ef1a321ae7c6eb9ecbb29d1c0fc052ffe96d4c8540c04d64cdcc5ed5c6 2525 git_2.30.2-1+deb11u2.dsc ca456459c18359a34008db6f68cd0f7bf470e3e4eb7093a982b67c51277a0f58 698392 git_2.30.2-1+deb11u2.debian.tar.xz c118c9d47adbd0d4e58f95696d3d094d2f450730f0b55fd24cebdbad068069ff 7429 git_2.30.2-1+deb11u2_source.buildinfo Files: 28d001269b7b8b85e55e017dd1d631fe 2525 vcs optional git_2.30.2-1+deb11u2.dsc 311b49f3834c1333bc55c3bc2742200e 698392 vcs optional git_2.30.2-1+deb11u2.debian.tar.xz aefc9965b634558de2484e07ff46ca65 7429 vcs optional git_2.30.2-1+deb11u2_source.buildinfo -----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEEhhz+aYQl/Bp4OTA7O1LKKgqv2VQFAmP16E0ACgkQO1LKKgqv 2VRUtQgAsVpJFEMOxjmXhcHX4QYIF9xjUosic4popvuBvbk+3raflcSkGFCYzIeg dNmWltgUgwVcWdcA3HjpQ/2FZzGcJINbKJMJtQsVHRQ3Z7f5LQmdECKC8pCDW/Ro a96ht0qOZF2KpzQMCFFScZv8cc9OqEOMBpkE6ORfa4XZ8qJPc7GOcqDGCecDlh8O pWAOMi4wHtJxOVCv7qx1YMob2rlx9OTEQ1ldUAq9o9lnPeic22Phkb++3j1SbVeJ rJx9Bwh+wUzeeGNwFGje1JJU+itgms/vkSzJ+8BGQMEWqdMRGffiQva5T/RLt1Im EgbLsEwO4bXg71YgiEtiXM0vbhc+cw== =6MQU -----END PGP SIGNATURE-----
