Your message dated Sat, 9 May 2026 20:09:36 +0200
with message-id <[email protected]>
and subject line Re: Accepted python-git 3.1.50-1 (source) into unstable
has caused the Debian Bug report #1135349,
regarding python-git: CVE-2026-42215
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1135349: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1135349
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: python-git
Version: 3.1.46-1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for python-git.
CVE-2026-42215[0]:
| Command injection via Git options bypass
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2026-42215
https://www.cve.org/CVERecord?id=CVE-2026-42215
[1]
https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-rpm5-65cw-6hj4
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: python-git
Source-Version: 3.1.50-1
On Wed, May 06, 2026 at 07:33:40AM +0000, Debian FTP Masters wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> Format: 1.8
> Date: Wed, 06 May 2026 08:57:10 +0200
> Source: python-git
> Architecture: source
> Version: 3.1.50-1
> Distribution: unstable
> Urgency: medium
> Maintainer: Debian Python Team <[email protected]>
> Changed-By: Hans-Christoph Steiner <[email protected]>
> Changes:
> python-git (3.1.50-1) unstable; urgency=medium
> .
> * New upstream version 3.1.50
> Checksums-Sha1:
> 92717deea8b895432ca585727ebff8ca7a2f4503 2418 python-git_3.1.50-1.dsc
> bd09c7adc49aca08b3cbfe92eb098685bb58748d 560633 python-git_3.1.50.orig.tar.gz
> 0aade3030d248c27b8df786e1ceae84f1e17b757 7172
> python-git_3.1.50-1.debian.tar.xz
> ba5cd947daaed5eb3f6941115f999f7884a6164c 8983
> python-git_3.1.50-1_source.buildinfo
> Checksums-Sha256:
> 92aa3d0af256260f999c55d12690f41d5ea082a821e1027b65529a4cfc3cd284 2418
> python-git_3.1.50-1.dsc
> 3daa69879e908aeb102de2b58ca4e07ba9cc3fd001f9c3d9b8bcf628fb4acb30 560633
> python-git_3.1.50.orig.tar.gz
> 77c6ca9a304a1aeb3ebe78a1edab25b7eacb70c9d8c47f1a4744b1cffa53aacf 7172
> python-git_3.1.50-1.debian.tar.xz
> 0a7aeb3f5a7d14dd4c1b7739cc2c6f86d357269632595d34178ab25ce50932c8 8983
> python-git_3.1.50-1_source.buildinfo
> Files:
> afdd014192712851aac6dd691c7d048e 2418 python optional python-git_3.1.50-1.dsc
> d7a0a3635935c80ba0cf01ba82903d51 560633 python optional
> python-git_3.1.50.orig.tar.gz
> 92029abe29d44df4af0f18157585f02c 7172 python optional
> python-git_3.1.50-1.debian.tar.xz
> 08dffd4c06712d71cb60a55d1137c880 8983 python optional
> python-git_3.1.50-1_source.buildinfo
>
> -----BEGIN PGP SIGNATURE-----
>
> iQEzBAEBCgAdFiEElyI52+aGmfUmwGoFPhd4F7obm/oFAmn66xkACgkQPhd4F7ob
> m/rvCgf+NRY+uY5dRR1dubURhHyIekfnYU/D8mKjSv/zZ0f7eZrm9GKyQLKxm1uH
> QxfwqOvb0AxvO9GT8JZsqWFCnR/lpc83S6ZkhNhK9fXSYtKNIMktqz4+8OPXG1Nn
> 6SbbswB5wNLPgxfhDLifNBwvxooboSBeYRrfa2rvG9lekaAp6Vb8FgfeEyWufFBQ
> LK/VuyhBzWz027s3p16xw3V9FFPWxwaO1DbHiwMqpGAbAh0Lt8BXrryWDRQ6VgRV
> 6lpCHuBGsz2x0BrNkrFWK4EOwKiO6LPbf4bampnnE1lv1TDkPJhKvRfldi99bTRN
> a223c2GG9hTtYX5BfBYbJxF4pjLNhQ==
> =YuH7
> -----END PGP SIGNATURE-----
--- End Message ---
