-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 27 Aug 2017 15:51:22 +0200 Source: git Binary: git git-man git-core git-doc git-arch git-cvs git-svn git-email git-daemon-run git-daemon-sysvinit git-gui gitk git-el gitweb git-all Architecture: source amd64 all Version: 1:1.7.10.4-1+wheezy5 Distribution: wheezy-security Urgency: high Maintainer: Gerrit Pape <pape@smarden.org> Changed-By: Markus Koschany <apo@debian.org> Description: git - fast, scalable, distributed revision control system git-all - fast, scalable, distributed revision control system (all subpacka git-arch - fast, scalable, distributed revision control system (arch interop git-core - fast, scalable, distributed revision control system (obsolete) git-cvs - fast, scalable, distributed revision control system (cvs interope git-daemon-run - fast, scalable, distributed revision control system (git-daemon s git-daemon-sysvinit - fast, scalable, distributed revision control system (git-daemon s git-doc - fast, scalable, distributed revision control system (documentatio git-el - fast, scalable, distributed revision control system (emacs suppor git-email - fast, scalable, distributed revision control system (email add-on git-gui - fast, scalable, distributed revision control system (GUI) git-man - fast, scalable, distributed revision control system (manual pages git-svn - fast, scalable, distributed revision control system (svn interope gitk - fast, scalable, distributed revision control system (revision tre gitweb - fast, scalable, distributed revision control system (web interfac Changes: git (1:1.7.10.4-1+wheezy5) wheezy-security; urgency=high . * Non-maintainer upload by the LTS team. * Fix CVE-2017-1000117, arbitrary code execution issues via URLs: - reject ssh hostname that begins with a dash - factor out "looks like command line option" check - reject dashed arguments to $GIT_PROXY_COMMAND - ssh:// and local URLs: reject path to repositories that look like command line options Checksums-Sha1: 613b9f5d6c8e9b1d70887692d6432c3006f7eac0 2798 git_1.7.10.4-1+wheezy5.dsc c5fed219d195b253daa5ae3f05c8a7917c3dcf38 520101 git_1.7.10.4-1+wheezy5.diff.gz c127d7c83f9eb8d518d845a410a35911a71823bb 6683514 git_1.7.10.4-1+wheezy5_amd64.deb af8b806cd57670769f40e74f2b7c59ffd2a1cbe3 2275072 git-doc_1.7.10.4-1+wheezy5_all.deb 784e33a1f902fa0cba9c19016784b597d4f53e2c 464940 git-arch_1.7.10.4-1+wheezy5_all.deb 3c2beafe0183c934bfac480f79dfca5dc640d301 534100 git-cvs_1.7.10.4-1+wheezy5_all.deb 54bde2f6d219569903c17b4f665c5f2c71131181 520668 git-svn_1.7.10.4-1+wheezy5_all.deb a202fffa01d5546fc76acf54eb994f3c4912f4f9 451744 git-daemon-run_1.7.10.4-1+wheezy5_all.deb cc4f9cd3aaf25977bd6876ba976d1d81f300d62a 453114 git-daemon-sysvinit_1.7.10.4-1+wheezy5_all.deb fa6fc9bb97816be167871a4e7e88aa905674cce0 470250 git-email_1.7.10.4-1+wheezy5_all.deb 10e4cf2f85890c76e87fbf4211ce564c761ee2b4 730446 git-gui_1.7.10.4-1+wheezy5_all.deb 26c3cdfcfded9712b9a44bc385a14ac4dd747398 576966 gitk_1.7.10.4-1+wheezy5_all.deb a90c60a3cc875debaab64e4fc3bdaefb30a157e7 454328 gitweb_1.7.10.4-1+wheezy5_all.deb 147f6fa7acd25e49315390f2425b82f0d2d33548 449824 git-all_1.7.10.4-1+wheezy5_all.deb 56790fc0037223a317a8780f3d1c3aa85d7adfef 1344 git-core_1.7.10.4-1+wheezy5_all.deb 2fe079f74054ebb1ad8aef9206b5305bebc3bd98 473222 git-el_1.7.10.4-1+wheezy5_all.deb eb7c0b3e706b1129c533e40fb32bfad46584c9df 1075260 git-man_1.7.10.4-1+wheezy5_all.deb Checksums-Sha256: c6374545bf4059a6472a10ba44ebe8f74ceca8277b3bbcdeaf018a9c398fa59c 2798 git_1.7.10.4-1+wheezy5.dsc 495954d169012e2c2119173baa790f4e57917fa06275f36387ec79f0bacc83c3 520101 git_1.7.10.4-1+wheezy5.diff.gz 41874dd468c4bbc97569af8fcfed71a192d31c4061087fe2fe69c83cb56e5cba 6683514 git_1.7.10.4-1+wheezy5_amd64.deb bb90f0f6978449951e4fa827ce9f6bef4c35fa7e259fff40c7405ace1ac283a3 2275072 git-doc_1.7.10.4-1+wheezy5_all.deb 4bf7162915730cb4148cd974e351d3a78d0f60b66fe1226ebc4926f47f321b90 464940 git-arch_1.7.10.4-1+wheezy5_all.deb b6057443fb43ad51f2c8204b12922cdb9a832a5e1f569c51f07ff87ba41c91fc 534100 git-cvs_1.7.10.4-1+wheezy5_all.deb 0301a2f8fab91e904d0622a61fe48e380caf3dbbb19cead1a7321ad15df1f658 520668 git-svn_1.7.10.4-1+wheezy5_all.deb 1ac0dc074deb186ac63fa2874301d846bdc8a4e1498f139e30be276b49307516 451744 git-daemon-run_1.7.10.4-1+wheezy5_all.deb 4cde4bfdddfab4c849a24893b9fa254dab01f8a0c33c471367338af2d6d6a928 453114 git-daemon-sysvinit_1.7.10.4-1+wheezy5_all.deb c0cd814a082fe96c3ba0c8bc8de6ccd9660684aebecdb28b9be1cb62232a59f0 470250 git-email_1.7.10.4-1+wheezy5_all.deb b1d233fc5c5265efecab254eb0282e38a6233ff236fc14b483a2ff2240f35a21 730446 git-gui_1.7.10.4-1+wheezy5_all.deb 5277d192ac728714c4f9a28bb68acb3dfec34b0e5192acbdfeaf14727f960006 576966 gitk_1.7.10.4-1+wheezy5_all.deb 075724b028e385d010cbe7ba4c28830703508edca10992ba6181ad63e4b5cf3b 454328 gitweb_1.7.10.4-1+wheezy5_all.deb 7bded527c2e3acd3719988c33920e45d542161a5224df2ed16f3dad5b1a28882 449824 git-all_1.7.10.4-1+wheezy5_all.deb e5d6c786d24b21f85767fc05d298f9cab6fc66e4bb936ac7903b8aa668b26b81 1344 git-core_1.7.10.4-1+wheezy5_all.deb dd2898aaeb9148846c24281cd79d06afecea4ecf557c10366486b8380f2b2c6d 473222 git-el_1.7.10.4-1+wheezy5_all.deb b28861ecd9937d07c505efd5e412eaab62057bd9615ae6235f230009d095ca67 1075260 git-man_1.7.10.4-1+wheezy5_all.deb Files: 35e09e9cd6d1be14f47ce18642ea839c 2798 vcs optional git_1.7.10.4-1+wheezy5.dsc 53a841f118cf11da8f9d5645c7d65789 520101 vcs optional git_1.7.10.4-1+wheezy5.diff.gz ff8a03d2a10edf4a4b1a3ea626be7f42 6683514 vcs optional git_1.7.10.4-1+wheezy5_amd64.deb c392a46228b843b6b7cf808317ea2740 2275072 doc optional git-doc_1.7.10.4-1+wheezy5_all.deb eb5c565bfbb691c5829d2be948b82795 464940 vcs optional git-arch_1.7.10.4-1+wheezy5_all.deb 181e51648673920d93909cba3d9b6401 534100 vcs optional git-cvs_1.7.10.4-1+wheezy5_all.deb 6c3871658164fe579ee9f4c8fe70c4ec 520668 vcs optional git-svn_1.7.10.4-1+wheezy5_all.deb 0d7c79da7dcdb735806a233e013897e5 451744 vcs optional git-daemon-run_1.7.10.4-1+wheezy5_all.deb 8b6e035a668b670db8ddd04a26dff468 453114 vcs extra git-daemon-sysvinit_1.7.10.4-1+wheezy5_all.deb 6ea9ea0d3b475c4a1724733d997a1eba 470250 vcs optional git-email_1.7.10.4-1+wheezy5_all.deb 111495ec4865c057f661d6117fbf18b2 730446 vcs optional git-gui_1.7.10.4-1+wheezy5_all.deb 24d73c071f1f8c1dfd98c7aae2a2c422 576966 vcs optional gitk_1.7.10.4-1+wheezy5_all.deb 54f56859addde71361041c80e5290457 454328 vcs optional gitweb_1.7.10.4-1+wheezy5_all.deb 892323574f4448de0a4d4db26b020fa2 449824 vcs optional git-all_1.7.10.4-1+wheezy5_all.deb 65e01f1ebb3e373842534b8a1897f51b 1344 vcs optional git-core_1.7.10.4-1+wheezy5_all.deb fd30f23fd48adc777c98bbad17c93d17 473222 vcs optional git-el_1.7.10.4-1+wheezy5_all.deb 0c9999aa43a9867f4037a7a5e317c322 1075260 doc optional git-man_1.7.10.4-1+wheezy5_all.deb -----BEGIN PGP SIGNATURE----- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlmjBR1fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1Hk6EkQAKb6yFmPSYZwi5kmCoxtubG26kkgL+wG1r5T CHnVEcB1+NYOEXfsx0SqITZiR6MisrbmmV0hJUSC1v3uSvyILExI43lfoJEDp577 Hp6ESXNOgESvkqKHF5vdmjnuWNy+IWh7/mPWRoI56fxPu8MMsbCJhAr7zD+4b+rR eHc0wtu28B27A8S9jR+HuC1mfqYeG2fx9pIsM/c5ic0bLM3ov3lb91v4VkeJm4WP ry6W6ggFSrIKcfe5MmENNWx/4q8z3v0CN2YUVP8/Mn92jlqZgmiJDBd/KEtZXcqP e2Y6PUBhXx1ra+Y9XmyyhadMsjDyr77YppqH1aUO124Y8wnWUWWAYSyv7cnatZFH HUNw22YjQ/bQLvqjGWtv4GnFVhoubH5//EiJrBRPyb6gAFeqEw4NRrFty+TGRgNQ YrVUHHzDMZHbvhaWZ20Nwd4ZUqhZzFkXpuOb0fAYSFvT1dvZp3rZGEPYGJ1DB88o EBY1QyBaClY80lrR3NUlFDJc2zMjINw6sILOi6SBL/T/bxH4N67FzfABKgDuPkc/ 1dq0G4t5Nbqu6ro4R0UmOhP9yYHn/uyxj2iGlS42dHYxsyc5LoR7sc2FUFT3pDOa n4itTiYhh21o314lpmGWkCmKz9eoN8D3za4zqjd3g+vlnN8w0NxlV5g33vmFZZ+o mNWkit+o =31uK -----END PGP SIGNATURE-----