-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Wed, 16 Dec 2015 08:24:37 +0000 Source: git Binary: git git-man git-core git-doc git-arch git-cvs git-svn git-mediawiki git-email git-daemon-run git-daemon-sysvinit git-gui gitk git-el gitweb git-all Architecture: source amd64 all Version: 1:2.1.4-2.1+deb8u1 Distribution: jessie-security Urgency: high Maintainer: Gerrit Pape <pape@smarden.org> Changed-By: Laszlo Boszormenyi (GCS) <gcs@debian.org> Description: git - fast, scalable, distributed revision control system git-all - fast, scalable, distributed revision control system (all subpacka git-arch - fast, scalable, distributed revision control system (arch interop git-core - fast, scalable, distributed revision control system (obsolete) git-cvs - fast, scalable, distributed revision control system (cvs interope git-daemon-run - fast, scalable, distributed revision control system (git-daemon s git-daemon-sysvinit - fast, scalable, distributed revision control system (git-daemon s git-doc - fast, scalable, distributed revision control system (documentatio git-el - fast, scalable, distributed revision control system (emacs suppor git-email - fast, scalable, distributed revision control system (email add-on git-gui - fast, scalable, distributed revision control system (GUI) git-man - fast, scalable, distributed revision control system (manual pages git-mediawiki - fast, scalable, distributed revision control system (MediaWiki in git-svn - fast, scalable, distributed revision control system (svn interope gitk - fast, scalable, distributed revision control system (revision tre gitweb - fast, scalable, distributed revision control system (web interfac Changes: git (1:2.1.4-2.1+deb8u1) jessie-security; urgency=high . * Non-maintainer upload by the Security Team. * Fix CVE-2015-7545, arbitrary code execution issues via URLs with: - 01-CVE-2015-7545-1.patch: add a protocol-whitelist environment variable - 02-CVE-2015-7545-2.patch: allow only certain protocols for submodule fetches - 03-CVE-2015-7545-3.patch: refactor protocol whitelist code - 04-CVE-2015-7545-4.patch: limit redirection to protocol-whitelist - 05-CVE-2015-7545-5.patch: limit redirection depth * Make new tests executable. Checksums-Sha1: 8465748304e2d0c7da344e427da39784a8e4e767 2803 git_2.1.4-2.1+deb8u1.dsc 6aae4d3d4f2da3e8d766453751421d6e5e80f593 3544804 git_2.1.4.orig.tar.xz 220ccdef1e4218f61e74971f7efaa81ca23e27a0 471900 git_2.1.4-2.1+deb8u1.debian.tar.xz 0ae0eaec770494a30750a02d6701a81efab25895 3258126 git_2.1.4-2.1+deb8u1_amd64.deb 7ad3c89d2a5b4085e384f26399f610158ba35d4b 1382564 git-doc_2.1.4-2.1+deb8u1_all.deb 4a9f667430479f493213fd0c82e98d76d31c70c3 588314 git-arch_2.1.4-2.1+deb8u1_all.deb bfba268bd26b4046f9f9e12b55241d9074bba332 637840 git-cvs_2.1.4-2.1+deb8u1_all.deb 5699da9a765953ffdd3c2ab0459a2ae0c66e15e5 662268 git-svn_2.1.4-2.1+deb8u1_all.deb 7acc87c60e4f666f03bd2edd9a38b0e4968b8a46 590634 git-mediawiki_2.1.4-2.1+deb8u1_all.deb b13c9717e142317f52929b9d1c95cdbcb6be33b3 576584 git-daemon-run_2.1.4-2.1+deb8u1_all.deb 40e3b2dd80b2e361205203c622927c8f77fd7270 577636 git-daemon-sysvinit_2.1.4-2.1+deb8u1_all.deb 034e81477edc08d11322920f5566b510bdcb1522 594674 git-email_2.1.4-2.1+deb8u1_all.deb 3b26f8b08e42ead091796554fcd7c2654e0af0a0 766468 git-gui_2.1.4-2.1+deb8u1_all.deb 771b1653353b2063a6ef6d262f515d0516593a5a 694854 gitk_2.1.4-2.1+deb8u1_all.deb 9393769747d7f66a1f0bf5b45ad013a7c7767ec8 579478 gitweb_2.1.4-2.1+deb8u1_all.deb 4119ff9ecee373bc003cdf85359046d322207462 574900 git-all_2.1.4-2.1+deb8u1_all.deb 6ca1163473c644a6e61709a1af216572ffa20f37 594532 git-el_2.1.4-2.1+deb8u1_all.deb 9674b65abc66d69cfd7fa01fb316975522de67a1 1267132 git-man_2.1.4-2.1+deb8u1_all.deb d99843e30f941bbcebb1f9dc90524856499ae5a1 1486 git-core_2.1.4-2.1+deb8u1_all.deb Checksums-Sha256: 9f551047653cd89a3d8b08cfacf459a6343ce07213d29b33790ccb54de94c4b6 2803 git_2.1.4-2.1+deb8u1.dsc a04968b9b10cbcb31a7054aa3a0d11ac47c83556ecd270ddef1987df5d3d053e 3544804 git_2.1.4.orig.tar.xz 17a4a496d2102b6684baa9eb4a8e9618f70afe9016314f2430d774acde612508 471900 git_2.1.4-2.1+deb8u1.debian.tar.xz f6b773373f63615aeb1ba6104db07c99e961f6b27093d8964de8c94c42cee976 3258126 git_2.1.4-2.1+deb8u1_amd64.deb 17f191fde552b706acfa08a8ffdd3be6c73c2c9dcb1ba6302c19088f44b6879c 1382564 git-doc_2.1.4-2.1+deb8u1_all.deb d3195f75ed584f42c989bd3ec389ea34846961bbc46e64f859f0c5cd1fbff125 588314 git-arch_2.1.4-2.1+deb8u1_all.deb 1cfa9adb66b618eff7810529abc415042a53480c908ea6b87ca5a210715128b0 637840 git-cvs_2.1.4-2.1+deb8u1_all.deb 444eb9f685231471b09c312c74cd9b51a8c26ae4786d652cbdbfa1b9d033db99 662268 git-svn_2.1.4-2.1+deb8u1_all.deb 8c2399698cda33c5d047cea012403312735d839c5c0ef4c2f8b3790a75b9b133 590634 git-mediawiki_2.1.4-2.1+deb8u1_all.deb 374af155bd147f7d979d8584329a6af94e839d57904cc36b28a009dafe3dfc7d 576584 git-daemon-run_2.1.4-2.1+deb8u1_all.deb 91cfa9f7e7fade0f39cd6ca657f5aaaaaf03ef8408060001d5edbfbae8cf52fd 577636 git-daemon-sysvinit_2.1.4-2.1+deb8u1_all.deb 8362118600a8246bc34e03e2c95e51301de9b89dec4f7835a064b17dbb46a13b 594674 git-email_2.1.4-2.1+deb8u1_all.deb 4ff8de05edf09d2444d053ab3040e6d12efe13606063f363aa9024e42227196b 766468 git-gui_2.1.4-2.1+deb8u1_all.deb 5a5e3095fe554c49c0f7346238425f791b14e8cc12d79341935b012ddb4bc3aa 694854 gitk_2.1.4-2.1+deb8u1_all.deb fe39d440348983adca621dbec455fd7ac0f76b936b33e4e7470973d8be8fed66 579478 gitweb_2.1.4-2.1+deb8u1_all.deb acf53b0b9ba49d71b939fad5c927d05e80c98c00281b0c6bd5e4579fc7692f52 574900 git-all_2.1.4-2.1+deb8u1_all.deb 7acc76a29e5ea5ddf5d5f3173d1aa86d85e0ae15f21f910950d3c750c1afa6b5 594532 git-el_2.1.4-2.1+deb8u1_all.deb fa9b0e1360898bfdd2a5b8a9a9108b166181642aefce460c2f344b467c21e78a 1267132 git-man_2.1.4-2.1+deb8u1_all.deb 1b7375bac99c5b7ee777d94dc62362a57ceebb0dd4ebf38a2de5bb6e7f52574a 1486 git-core_2.1.4-2.1+deb8u1_all.deb Files: 497b4d4fe35489435545ebdd8582d71e 2803 vcs optional git_2.1.4-2.1+deb8u1.dsc 64273c1e5bf834a324b25d152582145d 3544804 vcs optional git_2.1.4.orig.tar.xz 0279013e8409e54018700dc501cd2336 471900 vcs optional git_2.1.4-2.1+deb8u1.debian.tar.xz 4c504302caf3c33bcb0d25997241a279 3258126 vcs optional git_2.1.4-2.1+deb8u1_amd64.deb 9f93a2d40ef616278a51cbdd398b2e1d 1382564 doc optional git-doc_2.1.4-2.1+deb8u1_all.deb 16cf7793ee3f186595e4e5bc0c36ea62 588314 vcs optional git-arch_2.1.4-2.1+deb8u1_all.deb 382cd0c926ef0014772ef1f08fe0e139 637840 vcs optional git-cvs_2.1.4-2.1+deb8u1_all.deb 8b0e1378a8224826cf7e7b5be30402f1 662268 vcs optional git-svn_2.1.4-2.1+deb8u1_all.deb 09a756fa4c63a3325d39da526aa99813 590634 vcs optional git-mediawiki_2.1.4-2.1+deb8u1_all.deb e4aa86bca8172c4cfa6666e00c387c4f 576584 vcs optional git-daemon-run_2.1.4-2.1+deb8u1_all.deb c9b25b1728a0496e942c941d50b40d57 577636 vcs extra git-daemon-sysvinit_2.1.4-2.1+deb8u1_all.deb def626b7aed711d43360f9858a1b6873 594674 vcs optional git-email_2.1.4-2.1+deb8u1_all.deb 569bc418da1495ad46215ce2c109e50f 766468 vcs optional git-gui_2.1.4-2.1+deb8u1_all.deb 721a830e54a431108cfa50a65cabea97 694854 vcs optional gitk_2.1.4-2.1+deb8u1_all.deb cf0222bff0f4215ab023ed911b45530f 579478 vcs optional gitweb_2.1.4-2.1+deb8u1_all.deb 865b221aefb29c8dc8cf198412dba92b 574900 vcs optional git-all_2.1.4-2.1+deb8u1_all.deb fc9f471678f5330d094f1ef8bf9915c2 594532 vcs optional git-el_2.1.4-2.1+deb8u1_all.deb c003c5af08ca85d452eeafd7ae9db66a 1267132 doc optional git-man_2.1.4-2.1+deb8u1_all.deb de47d7562e7302d2a86128502841edfb 1486 vcs optional git-core_2.1.4-2.1+deb8u1_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJWitf+AAoJENzjEOeGTMi/WfYQAJw73CRkJLtaCjl6VgjHegFA hVRijNFF+OSWJxa1QJoVqTJS8Pbn+lG0Z5p18RicF218dJlo9mpAtg21SFqsJtgI WJ7l5NC5bdx+THRRy5yUIZrqHsY0SQClgcxJEM3qzY+JCIXlfs2wDkNtkMbLG4D+ LeQm9lYwimkKwSx5lt87RyMIIlpTZg0RUxPcRab8dr/tCgZ6Bx0rWA87VSCuAUcC u964Ju+gXfrszGrOoUBvqmtgbs6hyaSxzqsFntd8tm3kdcOUjjcwJn7ww0TxxUXk eCOyts21fKEziQhrD1+5aSLEAE/CzmnY3eWdLZRoX0cLrLW+SUppN9GP4e+moEp6 CINNHKSRYCshIlKob2sNzZkj6mN1WMkafHdzFU4xNM/xNwclLf2jLtqxyjdWgvyH Nb2M7fSr0VRe+Gs72ZEnxN1r2aHNSPWpMbpUjpSpv0xPy2wZ6PtrdG5qRnSWp1mj f+4UoVsIe8FNuyqXGrWW0/S+OAS4FPwiiUQDzKerqN1SMqRCDx53UmjZzOzAoThA wGfIjZmSdD4A9qMJ7TovSgfaJDfbJFP3xMI894zL0fpFj2ggiukI11knL2AfKJwE x0i7KiQNwVW9a3GISZXkQQLprFKd6VJEUpMT3XQpIVzLbq4AA7x2e2Mg2/GYUxFc d16GxDZWe/xDimzjebhC =49V1 -----END PGP SIGNATURE-----