Debian Package Tracker

From: Antoine Beaupré <anarcat@debian.org>
To: <debian-changes@lists.debian.org>
Subject: Accepted git-annex 5.20141125+deb8u1 (source amd64) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates
Date: Sun, 17 Jun 2018 18:02:34 +0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 26 Oct 2017 10:23:02 -0400
Source: git-annex
Binary: git-annex
Architecture: source amd64
Version: 5.20141125+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Joey Hess <joeyh@debian.org>
Changed-By: Antoine Beaupré <anarcat@debian.org>
Description:
 git-annex  - manage files with git, without checking their contents into git
Closes: 873088
Changes:
 git-annex (5.20141125+deb8u1) jessie-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * CVE-2017-12976: git-annex before 6.20170818 allows remote attackers to
     execute arbitrary commands via an ssh URL with an initial dash
     character in the hostname, as demonstrated by an ssh://-eProxyCommand=
     URL (Closes: #873088)
Checksums-Sha1:
 e356d92b89a2ba92febd63e4c7a540053d758038 3537 git-annex_5.20141125+deb8u1.dsc
 284103ddbcd1c4f59eae75bd3b69c870902933e0 5963447 git-annex_5.20141125+deb8u1.tar.gz
 def4e6449ad089588e317b1d124178578abb0aa3 8491992 git-annex_5.20141125+deb8u1_amd64.deb
Checksums-Sha256:
 aad22c44af16e06d41262e93984b293f168588f82adb45b904f2d7e44cd83c3c 3537 git-annex_5.20141125+deb8u1.dsc
 c92c91c9e20786dcf6c1bbf4b35125e8f0f58dd434a9183401192a35a63a79de 5963447 git-annex_5.20141125+deb8u1.tar.gz
 522937ba9411466a2c00e00376bb48267ac0657f27902b5c4c8cb688ad71e63e 8491992 git-annex_5.20141125+deb8u1_amd64.deb
Files:
 39eced6036fd444e6ebc20ff48f4a472 3537 utils optional git-annex_5.20141125+deb8u1.dsc
 284591204775190567f9a1c361b9fd25 5963447 utils optional git-annex_5.20141125+deb8u1.tar.gz
 8ae7e45d0bbda1eb88d6086106b0a094 8491992 utils optional git-annex_5.20141125+deb8u1_amd64.deb

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEexZCBNCWcjsBljWrPqHd3bJh2XsFAlnyLV0ACgkQPqHd3bJh
2XvYBQf/clZXO78fQCgpLWU0rq5SrIS/ogxWaZLBSRvVSavUB9FWt58+lw3OgnCL
PKNIEr03ZpR7aCGYylJscJz30lMXrTv0AjH2QtMmUoWIMXNfignV88VMYhSpeC+v
HNp7fP5LSOxJ5/QHGqyyZIEfKJ8L7/4od5aYU9n4cY6hfSGFWdd//g1N5PVVRaHq
TiIZBRzaoFA+a6m1XYbVHsfXnctKCVuhabcULUNQy93IMSdafod73+UPaTmYJt/D
ID6Ge1XcfssoBahJnn71TqqfCIt539VGMT9ZESvXYMKt5IgG/ULW5aa22mUKOWXb
wdtTZJKICcjFJXe5Is3qV0QUmT/FKA==
=Sfe2
-----END PGP SIGNATURE-----

News for package git-annex