-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Thu, 17 Dec 2015 20:19:24 +0100 Source: git Binary: git git-man git-core git-doc git-arch git-cvs git-svn git-email git-daemon-run git-daemon-sysvinit git-gui gitk git-el gitweb git-all Architecture: source amd64 all Version: 1:1.7.10.4-1+wheezy2 Distribution: wheezy-security Urgency: high Maintainer: Gerrit Pape <pape@smarden.org> Changed-By: Laszlo Boszormenyi (GCS) <gcs@debian.org> Description: git - fast, scalable, distributed revision control system git-all - fast, scalable, distributed revision control system (all subpacka git-arch - fast, scalable, distributed revision control system (arch interop git-core - fast, scalable, distributed revision control system (obsolete) git-cvs - fast, scalable, distributed revision control system (cvs interope git-daemon-run - fast, scalable, distributed revision control system (git-daemon s git-daemon-sysvinit - fast, scalable, distributed revision control system (git-daemon s git-doc - fast, scalable, distributed revision control system (documentatio git-el - fast, scalable, distributed revision control system (emacs suppor git-email - fast, scalable, distributed revision control system (email add-on git-gui - fast, scalable, distributed revision control system (GUI) git-man - fast, scalable, distributed revision control system (manual pages git-svn - fast, scalable, distributed revision control system (svn interope gitk - fast, scalable, distributed revision control system (revision tre gitweb - fast, scalable, distributed revision control system (web interfac Changes: git (1:1.7.10.4-1+wheezy2) wheezy-security; urgency=high . * Non-maintainer upload by the Security Team. * Fix CVE-2015-7545, arbitrary code execution issues via URLs with: - 0016-CVE-2015-7545-backport1.patch: add function string_list_append_nodup() - 0017-CVE-2015-7545-backport2.patch: add two new functions for splitting strings - 0018-CVE-2015-7545-1.patch: add a protocol-whitelist environment variable - 0019-CVE-2015-7545-2.patch: allow only certain protocols for submodule fetches - 0020-CVE-2015-7545-3.patch: refactor protocol whitelist code - 0021-CVE-2015-7545-4.patch: limit redirection to protocol-whitelist - 0022-CVE-2015-7545-5.patch: limit redirection depth * Make new tests executable. Checksums-Sha1: fd10bbf6f678500d9134bf2e77eee524f1d17da6 2633 git_1.7.10.4-1+wheezy2.dsc ddc305ab520246790faa72bbaab4b9bf5bcf23fa 3813469 git_1.7.10.4.orig.tar.gz ecc452d5a1a9a2da4fee70cf7bce75535bfeafe8 512520 git_1.7.10.4-1+wheezy2.diff.gz 985407bbbbf92588f8717e02a3d2d4fde9c20125 6675472 git_1.7.10.4-1+wheezy2_amd64.deb 8fef6736d594f9d0611273069d7fb4e6cd3b249b 2004900 git-doc_1.7.10.4-1+wheezy2_all.deb edf6cb8cfa572b9004ff20dd88754e98f3221ca8 464780 git-arch_1.7.10.4-1+wheezy2_all.deb 40ffdc86004038e2913f80befa243025a79642db 534138 git-cvs_1.7.10.4-1+wheezy2_all.deb 91e37eb8c9cd9efa75db21e94bfcd41ef86bfc58 520622 git-svn_1.7.10.4-1+wheezy2_all.deb 777944ff46b9599026dd2d6bfc71af2a7fdfc1bb 450434 git-daemon-run_1.7.10.4-1+wheezy2_all.deb a6004eca7714f45a0947c5f150147872e842bd16 452096 git-daemon-sysvinit_1.7.10.4-1+wheezy2_all.deb 5d53274a5d3d3476df334a77e7a811b6d1c83343 469984 git-email_1.7.10.4-1+wheezy2_all.deb 89e12f62283f73201cc5e0242b52b96fc8d1cdfd 730928 git-gui_1.7.10.4-1+wheezy2_all.deb 225cb26a1cbad793bcefcab24bff76c69e9d69a8 578356 gitk_1.7.10.4-1+wheezy2_all.deb ced12a9fc36f162c4964a5e3d7a00b2e25533fae 453536 gitweb_1.7.10.4-1+wheezy2_all.deb 7bdb40a9ff00dd010a7c5e18142df9b2b29881d0 448852 git-all_1.7.10.4-1+wheezy2_all.deb 3378321fe921501e987fadf7fc9b151e2627fd75 1334 git-core_1.7.10.4-1+wheezy2_all.deb b9d7cbb3ff42c979005c5482812d3ed9c04fe51d 470948 git-el_1.7.10.4-1+wheezy2_all.deb 40e4325d73ee8549abfbe3d1d277fa0448c721c3 1074204 git-man_1.7.10.4-1+wheezy2_all.deb Checksums-Sha256: fb69bc10b7112a626f07d2da4a6ddd7fa8a4c3079d0e43f4af350a872b7c2a19 2633 git_1.7.10.4-1+wheezy2.dsc 77ce53644d687202c64ca29db4ae5055daff4e0c611dde8f1d51edb752dba8dd 3813469 git_1.7.10.4.orig.tar.gz eb40f9cfa67fea1330f3256927dcce794c95227748705a715a653cb528745c60 512520 git_1.7.10.4-1+wheezy2.diff.gz feb2f42ec4c39ae356e637fd46424c56bb7308a60af6bb19cb11180b00882458 6675472 git_1.7.10.4-1+wheezy2_amd64.deb ba2e677bf1b3f40025cf0eafb79f33fc31b2464a09d32b9d0c9b684feab192db 2004900 git-doc_1.7.10.4-1+wheezy2_all.deb 770b56973c4fb14ec638124565295ba700b0457344bc459807fd5fee0524bdeb 464780 git-arch_1.7.10.4-1+wheezy2_all.deb 11c8e35c6b3112ed343a8cc806bfbca429e2496dcbb8ef031ea7c454deb09f57 534138 git-cvs_1.7.10.4-1+wheezy2_all.deb b63196f330223f9afbdf8fdc768f2f712a25126e6e44d2fcb0151c5efdbb273e 520622 git-svn_1.7.10.4-1+wheezy2_all.deb 3563a62aca36b433921f675b2f492f150b74a576f15144535aa5e65ccc7a0e15 450434 git-daemon-run_1.7.10.4-1+wheezy2_all.deb a514e3bdfa1bb84466ac11c8272f773e470f870ec733c822264c6c5626428576 452096 git-daemon-sysvinit_1.7.10.4-1+wheezy2_all.deb c6033ca4754ab8c36fbe4f7c2c0d94dbcb1005979fb7c922f92b81d6a7d19c42 469984 git-email_1.7.10.4-1+wheezy2_all.deb 65b06237330581506401c1bb94a5eba6b725c211fdbe0f90915df27b537fd69a 730928 git-gui_1.7.10.4-1+wheezy2_all.deb b7a2a5fdc737b930eaac092e0ba1088e5f9ae36679f3ec1fcac98b60d1e4b07c 578356 gitk_1.7.10.4-1+wheezy2_all.deb 840103f938a5f4259ac24aa8baa2ffe9439afe40df9318c074e528ec06b2d528 453536 gitweb_1.7.10.4-1+wheezy2_all.deb 39d2e81bf5ad0daaa037b14dd3d8297194751a3af4a984ccec9e701390daf8c2 448852 git-all_1.7.10.4-1+wheezy2_all.deb 85a7943e971086e96e41250a58af1237b39c34c92757f103df49edd241502572 1334 git-core_1.7.10.4-1+wheezy2_all.deb e0e1c30b1d3243a385045af508a7b7e01db998ac9cdd14311b9351f3de16b6b8 470948 git-el_1.7.10.4-1+wheezy2_all.deb 004c916001195136db50ad9055c2292f92f18821f06d0ec6867ba8a22604ed66 1074204 git-man_1.7.10.4-1+wheezy2_all.deb Files: ce6017298a01a7218c3a8bbe47f8692e 2633 vcs optional git_1.7.10.4-1+wheezy2.dsc 68319d593d051ef76c26e945bbd2d7ac 3813469 vcs optional git_1.7.10.4.orig.tar.gz a455e3b90ea86bb49e3a3fd4df9c5c62 512520 vcs optional git_1.7.10.4-1+wheezy2.diff.gz dc983c4a45191319e53fdaa1b5317be7 6675472 vcs optional git_1.7.10.4-1+wheezy2_amd64.deb 8b4ee59daa2bb0526836624d18be1b77 2004900 doc optional git-doc_1.7.10.4-1+wheezy2_all.deb 4cbf4e9b456ba9546273f05aa2c3a42b 464780 vcs optional git-arch_1.7.10.4-1+wheezy2_all.deb 53e5dc6931cdc21328b84b4448c892e2 534138 vcs optional git-cvs_1.7.10.4-1+wheezy2_all.deb 8e5eea371c1b82fe7645c48ce3a9dcc4 520622 vcs optional git-svn_1.7.10.4-1+wheezy2_all.deb 221db2c29b0a49fa0dc91b4ce7f1caeb 450434 vcs optional git-daemon-run_1.7.10.4-1+wheezy2_all.deb 83466d44353c56c053fd4aafa5024640 452096 vcs extra git-daemon-sysvinit_1.7.10.4-1+wheezy2_all.deb 7b4b9b787b0961241e4a1664d44f9398 469984 vcs optional git-email_1.7.10.4-1+wheezy2_all.deb 8518700b1291cfbfac5037adbd6798ff 730928 vcs optional git-gui_1.7.10.4-1+wheezy2_all.deb c2215abab8f8ae85d5d34da143af06c5 578356 vcs optional gitk_1.7.10.4-1+wheezy2_all.deb e6273263861ca6e38be40f85ae834d3f 453536 vcs optional gitweb_1.7.10.4-1+wheezy2_all.deb 1d11764c279e007a9281478267da0c17 448852 vcs optional git-all_1.7.10.4-1+wheezy2_all.deb 967ec7026b9173b614d45e691e283180 1334 vcs optional git-core_1.7.10.4-1+wheezy2_all.deb 34c86ef8b37a28404e2122502def2735 470948 vcs optional git-el_1.7.10.4-1+wheezy2_all.deb 71f4d8a3b0ce566d6d43af903e6827c8 1074204 doc optional git-man_1.7.10.4-1+wheezy2_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJWitgcAAoJENzjEOeGTMi//fUP/34uXzOe+8Wh6nhlDAcjwwdZ 8uRmZFUn0on+lWa0hgKCanPt3awv1kqZjUChNRoliP1dP7PB8HeRg3nu0lXBNFGp G5kfj6Dj3XdCklTGTZDNCm9fh2+Pm6B1LRFTapeBUvpnDTuBewN5rc5c2ALsYBIA tyTLo6kBmno11SZ9IwEzG3kfRRakUS/K+u+7swMuTXINLKYiCWB05EUYREvW/e6e Ztijeo+fosmU5/U6i4ERk7oROrftClT+Z0b84b3Ol4hhPEKEFyttIRKzKPFm4upH qC1sA2JSyBgMYOsAPAO5TLS9sFOFGIwRRhIeDnKqjUyfNtlZWXILKoVwqWo3oaUE iN1kxjO126EHiXI1FWv/7DkLrFuD9KAXeoAERuyfw2orzdrN44g7EkLKxdrZyp9g rizW+eAMHxnGVXtm1z9QceRyyUEpIm1Smh9KweqnRhIB8MKTuf8Wg7vhPdo/4q/T 40/lTEpe1iFYtnColjFN2cp1f21jGwaNL7Q9n7ylyo8MN+NvJzAnI1csbIxwfYA4 4ZS70EuTR/Eb75o1LBnjNhfJq8SGkagWRx6NQ211ti0Y7Qa7Yhep/J5it96UsyoK D9KpxWR3M7EHQwr1N9KjGSvUsLx3dsDyYC+LFqkrqNF0gMLHEXb0j7xEHodsX3dD oYHxVyoGb5tmRdkrmU0B =EgJF -----END PGP SIGNATURE-----