Debian Package Tracker

From: Antoine Beaupre <anarcat@debian.org>
To: <dispatch@tracker.debian.org> , <debian-lts-changes@lists.debian.org>
Subject: Accepted git-annex 3.20120629+deb7u1 (source amd64) into oldoldstable
Date: Thu, 26 Oct 2017 14:00:20 +0000
Signed by: Antoine Beaupré <anarcat@anarc.at>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 26 Oct 2017 09:30:00 -0400
Source: git-annex
Binary: git-annex
Architecture: source amd64
Version: 3.20120629+deb7u1
Distribution: wheezy-security
Urgency: high
Maintainer: Joey Hess <joeyh@debian.org>
Changed-By: Antoine Beaupre <anarcat@debian.org>
Description:
 git-annex  - manage files with git, without checking their contents into git
Closes: 873088
Changes:
 git-annex (3.20120629+deb7u1) wheezy-security; urgency=high
 .
   * Non-maintainer upload by the LTS Security Team.
   * CVE-2017-12976: git-annex before 6.20170818 allows remote attackers to
     execute arbitrary commands via an ssh URL with an initial dash
     character in the hostname, as demonstrated by an ssh://-eProxyCommand=
     URL (Closes: #873088)
Checksums-Sha1:
 de64c0892e89c8a5724291292dcc7ba1427278a3 1662 git-annex_3.20120629+deb7u1.dsc
 368eb7c834adbb5f445d7aafabdc39c6638406db 53321843 git-annex_3.20120629+deb7u1.tar.gz
 0feb0087e6b25e44b5fc90e40b3ac853b346df7b 3629542 git-annex_3.20120629+deb7u1_amd64.deb
Checksums-Sha256:
 b00f741c09be146f1d375b770dbd6b9d3c5674ff13791c04b18f3046cb63ae4e 1662 git-annex_3.20120629+deb7u1.dsc
 b19fd0dcb7539a912ee41218c8e9673a06d47cb4627996adba9c59a57e22bcd1 53321843 git-annex_3.20120629+deb7u1.tar.gz
 c024f3284b3dfe5c241c5348020ca6e94c1becdb496a40c93c5af081dde75ea8 3629542 git-annex_3.20120629+deb7u1_amd64.deb
Files:
 f9a70a42ad837761f932daee234548ed 1662 utils optional git-annex_3.20120629+deb7u1.dsc
 016f3192bd825bc34200797ab26266bb 53321843 utils optional git-annex_3.20120629+deb7u1.tar.gz
 6f568ae7dc418e7d4701d64867671869 3629542 utils optional git-annex_3.20120629+deb7u1_amd64.deb

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEexZCBNCWcjsBljWrPqHd3bJh2XsFAlnx5acACgkQPqHd3bJh
2XvFUgf+Ot5L9wjJeW7Nm/W7uP2GdMgcihMeNUcH/xX4wn4d7DyH27rymG5YtzvE
bHpk3vi+Y/r3DoHqE/hUuSXBibCGMXPrk8oSRmB8DFpCqGnwQP3ppPAmi9X2ripC
OkIsSRxlpscw2EC9jA+hCsgVXfvqHbAVRw7kxHeJN5GOsV3W0aqDDbz3+hWvHJwe
VtyNLo2gnEKAyxqfJ1C5t4DwP8i5If8RKlB3eWCVChUZapxFPyHOp3wVyHgi2mE1
iUKsERiTEhTPDlwdV+DB76rwCxg84GO1qzV0J2eBSS+4+t29HsNkQtxrDCoZeww+
mZXLEdYrV68+tqwNeqhOpl/whOWlgw==
=OgyC
-----END PGP SIGNATURE-----

News for package git-annex