Format: 1.8
Date: Mon, 24 Jul 2023 11:08:59 +0200
Source: python-git
Architecture: source
Version: 2.1.11-1+deb10u1
Distribution: buster-security
Urgency: high
Maintainer: Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>
Changed-By: Sylvain Beucler <beuc@debian.org>
Closes: 1027163
Changes:
 python-git (2.1.11-1+deb10u1) buster-security; urgency=high
 .
   * Non-maintainer upload by the LTS Security Team.
   * CVE-2022-24439: Remote Code Execution (RCE) due to improper user
     input validation, which makes it possible to inject a maliciously
     crafted remote URL into the clone command. Exploiting this
     vulnerability is possible because the library makes external calls
     to git without sufficient sanitization of input arguments.
     (Closes: #1027163)
   * [CVE pending] Follow-up fix for CVE-2022-24439.