-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Sun, 15 Oct 2017 17:24:29 +0800 Source: git Binary: git git-man git-core git-doc git-cvs git-svn git-mediawiki git-email git-daemon-run git-daemon-sysvinit git-gui gitk git-el gitweb git-all Architecture: source all amd64 Version: 1:2.14.2-1~bpo9+1 Distribution: stretch-backports Urgency: high Maintainer: Gerrit Pape <pape@smarden.org> Changed-By: Aron Xu <aron@debian.org> Description: git - fast, scalable, distributed revision control system git-all - fast, scalable, distributed revision control system (all subpacka git-core - fast, scalable, distributed revision control system (obsolete) git-cvs - fast, scalable, distributed revision control system (cvs interope git-daemon-run - fast, scalable, distributed revision control system (git-daemon s git-daemon-sysvinit - fast, scalable, distributed revision control system (git-daemon s git-doc - fast, scalable, distributed revision control system (documentatio git-el - fast, scalable, distributed revision control system (emacs suppor git-email - fast, scalable, distributed revision control system (email add-on git-gui - fast, scalable, distributed revision control system (GUI) git-man - fast, scalable, distributed revision control system (manual pages git-mediawiki - fast, scalable, distributed revision control system (MediaWiki re git-svn - fast, scalable, distributed revision control system (svn interope gitk - fast, scalable, distributed revision control system (revision tre gitweb - fast, scalable, distributed revision control system (web interfac Changes: git (1:2.14.2-1~bpo9+1) stretch-backports; urgency=medium . * Rebuild for stretch-backports. . git (1:2.14.2-1) unstable; urgency=high . * new upstream point release (see RelNotes/2.14.1.txt). Among other changes, this fixes a remote shell command execution vulnerability via CVS protocol: - git-shell: drop cvsserver support by default - git-cvsserver: harden backtick captures against user input . Thanks to joernchen of Phenoelit for discovering, reporting, and fixing this vulnerability, and to Junio C Hamano and Jeff King for the fixes to related issues. Checksums-Sha1: 1cdb615e597dfc724db53e886363c305d05f07fe 2542 git_2.14.2-1~bpo9+1.dsc 0a48b50713e7317bfe85d92e5f30a7071d455419 546680 git_2.14.2-1~bpo9+1.debian.tar.xz 95bedf98f02b60d67dbfc24e32858c34814c69bd 712706 git-all_2.14.2-1~bpo9+1_all.deb 483a986328f93f8c41e2eeef1d8462b557d25d46 1414 git-core_2.14.2-1~bpo9+1_all.deb ebe92e463436df96236f65e0fcc5c29a79e1ed35 775936 git-cvs_2.14.2-1~bpo9+1_all.deb a8c17026879db6c33cc1d52905f0a6d523d10f32 714300 git-daemon-run_2.14.2-1~bpo9+1_all.deb 4c25a3c22c43716e87ab25481682d9a66faadc80 715460 git-daemon-sysvinit_2.14.2-1~bpo9+1_all.deb 341c3c7f731d631228cbf3b1294f342024bc59fa 32682736 git-dbgsym_2.14.2-1~bpo9+1_amd64.deb 77f0d74448dcde3321e88d6fa214dcbea5243a1c 1588566 git-doc_2.14.2-1~bpo9+1_all.deb 2b103c826cea1c35d6d7330b0bb88e0fd50d8400 732274 git-el_2.14.2-1~bpo9+1_all.deb ea7c14fe647396c2419f5767fea03e40c679f983 736340 git-email_2.14.2-1~bpo9+1_all.deb 5530c8043570ec301cef38805e7bfb92d997cca7 921608 git-gui_2.14.2-1~bpo9+1_all.deb 8aa33bc5e8e50f2dcd6a7e09297c91b9913847b9 1494864 git-man_2.14.2-1~bpo9+1_all.deb bba4ca8521138987444875b6b3060fc7f63ea1e9 728372 git-mediawiki_2.14.2-1~bpo9+1_all.deb 7891e079b57e5daa02c303983033e9c3cbcfbad9 798556 git-svn_2.14.2-1~bpo9+1_all.deb e6ea76ce7822eb220cfa59a4811d93ddf57127e9 11818 git_2.14.2-1~bpo9+1_amd64.buildinfo 0c6be0045fa3cc36bd03a656501fb19bc9abb75d 4403016 git_2.14.2-1~bpo9+1_amd64.deb f7a601c1ef424a5238bc1dfb14690dda348f25e2 843244 gitk_2.14.2-1~bpo9+1_all.deb 11771e4df2571a63f1cb36e2d1c60c987473f12e 716932 gitweb_2.14.2-1~bpo9+1_all.deb Checksums-Sha256: 50cf55bce179e0233126e0290aa33c220a831aaefce7369adb11914ec05f0159 2542 git_2.14.2-1~bpo9+1.dsc 06d581b73a9ecd4709f4346ebf73ecf56af4dc9ecf764a0dd70f5bc80517744c 546680 git_2.14.2-1~bpo9+1.debian.tar.xz 593e4f6b11c0acba3b7c8f3707aa2df7415119cce179fb531e1ca4e8a2125db3 712706 git-all_2.14.2-1~bpo9+1_all.deb 941f0caf942a07d3eb6e1888f1b91d8d8092d5263093f3da7aaadeb04e1078cd 1414 git-core_2.14.2-1~bpo9+1_all.deb 168addb9be78bce05570571bfb57cc8de4558cd1b96148866cb0f8d419e13030 775936 git-cvs_2.14.2-1~bpo9+1_all.deb 1e470129cfa8ed227852e783f08d03d2af49c1922009a5ad0ae58348e879828c 714300 git-daemon-run_2.14.2-1~bpo9+1_all.deb 81cc04ac82f343c85763f067ad6922e52149122bd19106e5af711f65f0653eb9 715460 git-daemon-sysvinit_2.14.2-1~bpo9+1_all.deb 8d26ae78e73d34e49592a479f6f435844e3913215c2899dc35d9ec8292706b2b 32682736 git-dbgsym_2.14.2-1~bpo9+1_amd64.deb bcfaaf288dbc556a590087af333b10ca8c102016e40256fbfe5fbc43333870d4 1588566 git-doc_2.14.2-1~bpo9+1_all.deb c0fdcd1d26a7e24d6aeb792c8ab748fd2306b37d8a5d0aa67ab090f0b5193113 732274 git-el_2.14.2-1~bpo9+1_all.deb 2cdc149b1885bf0735bac21d5caf19cd09adf9dd5c053d38f9fbf27ea6f5e8c4 736340 git-email_2.14.2-1~bpo9+1_all.deb 9563f8b6e45c589668f8c4c29a1cc61660b9ae0dc79558427a56a27f38c86d71 921608 git-gui_2.14.2-1~bpo9+1_all.deb 4e51fdd083dc3ae06aa589363f2a55962579a1dcb0d56148e02af30640ce7c3b 1494864 git-man_2.14.2-1~bpo9+1_all.deb 72f55b5ed592390cfc9daafb3d124fcffc27ac92a183a81e12148f53b8d5da31 728372 git-mediawiki_2.14.2-1~bpo9+1_all.deb 4dd0b71c0e2a18aa02e37cf84cfa974d5a8e127e3546f22a565e0b83e0bb085a 798556 git-svn_2.14.2-1~bpo9+1_all.deb 94fe76eddff1c2bb1001b09c9e5e63d7d65d235485acfb819ccf9c0300e5c718 11818 git_2.14.2-1~bpo9+1_amd64.buildinfo 051a93e054581a6d639bd9a9b089e7280643dd757501c53a0b4cdbbbc5907c9f 4403016 git_2.14.2-1~bpo9+1_amd64.deb 9eb1e2e92a27fb8624358015ecef8ad6b528eeb6b36d6a946b5d9b213389e4bd 843244 gitk_2.14.2-1~bpo9+1_all.deb 62dffe3462ac1e31348c4f33e8cc64df2a0714c52cc17e4f13a1f57c9d9320f7 716932 gitweb_2.14.2-1~bpo9+1_all.deb Files: 9f8d30b95422c8f458e6819642ba592a 2542 vcs optional git_2.14.2-1~bpo9+1.dsc 3d541e12c5964ea3aacc73d2b558d54c 546680 vcs optional git_2.14.2-1~bpo9+1.debian.tar.xz e4952f2326af06390e88ad520b1c405a 712706 vcs optional git-all_2.14.2-1~bpo9+1_all.deb 156b5c1a4458e877f49a78b45e9822ce 1414 vcs optional git-core_2.14.2-1~bpo9+1_all.deb d9c95f205ab41e6e92c972e30901c5ae 775936 vcs optional git-cvs_2.14.2-1~bpo9+1_all.deb 30a6d03ff50ec4217b7ae13a4020590b 714300 vcs optional git-daemon-run_2.14.2-1~bpo9+1_all.deb 45eb6ff1d3a28702d6fa74f57cd951cc 715460 vcs optional git-daemon-sysvinit_2.14.2-1~bpo9+1_all.deb dd7bbbc3b64eda15c9515ba1981fe937 32682736 debug extra git-dbgsym_2.14.2-1~bpo9+1_amd64.deb 5dd2188f339a9adb94d452bca057f603 1588566 doc optional git-doc_2.14.2-1~bpo9+1_all.deb 33a92aecf38f002592519b2281e36f6a 732274 vcs optional git-el_2.14.2-1~bpo9+1_all.deb d9fd8113f5d39250e9458ffdd11badf3 736340 vcs optional git-email_2.14.2-1~bpo9+1_all.deb b4d58a786f3afc5d7eb551f7ae5e3f4c 921608 vcs optional git-gui_2.14.2-1~bpo9+1_all.deb 3df821ddeebecbc2b1266daa7db1429f 1494864 doc optional git-man_2.14.2-1~bpo9+1_all.deb f9a4af1f49d213bd24332aa9192de241 728372 vcs optional git-mediawiki_2.14.2-1~bpo9+1_all.deb 2126b36594b2ae0e36905fd0d31953fa 798556 vcs optional git-svn_2.14.2-1~bpo9+1_all.deb 46074289f236e91f75f58e1a262ba97a 11818 vcs optional git_2.14.2-1~bpo9+1_amd64.buildinfo 995a14fabb82531f47e5b19c415dcf43 4403016 vcs optional git_2.14.2-1~bpo9+1_amd64.deb 81da2738b63c469e06e194158488abdf 843244 vcs optional gitk_2.14.2-1~bpo9+1_all.deb 761b26b827f570395b476bacc2ad38df 716932 vcs optional gitweb_2.14.2-1~bpo9+1_all.deb -----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEEsW3g9zWrjdJ64EeNev3ArdrqwV4FAlnjLfAACgkQev3Ardrq wV54PwgAsgwxCHrMZO2ECUGMAiMHCS/WTBnsrkua4pKtqzGVvMOy8t35t38o9o6f Lxsc5KWtdpnZPLOmEUt5PFG3WXSiVq/bfxnsor+9eQDr2U+3kBcZciAt8QLXNnWm 8BS9HF7iY0ETZlsD8x4hS+8LdHhGyPf627vYdJUkUpdcUFOIa/Vks/5ByndarspV ceTK3Su9HGBGlbrhis2p+QEfl2QzbE3RTsg+DNE3km23RTMWEe8OOfeuN/rxxMNP gkQa9ycLX0tzBPHy4ds5+WN46l5h3RUcNTJ/638LY3iYbifjLAAyfhytXWL+52Np bz//tRXekZ82yxurywubfQjIcScBtA== =x1R4 -----END PGP SIGNATURE-----