-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 31 Oct 2022 18:32:00 -0700
Source: git
Architecture: source
Version: 1:2.38.1-1
Distribution: unstable
Urgency: medium
Maintainer: Jonathan Nieder <jrnie...@gmail.com>
Changed-By: Jonathan Nieder <jrnie...@gmail.com>
Closes: 1022046
Changes:
 git (1:2.38.1-1) unstable; urgency=medium
 .
   * new upstream release (closes: #1022046; see RelNotes/2.38.0.txt,
     RelNotes/2.38.1.txt).
     * Addresses the security issue CVE-2022-39253: cloning an
       attacker-controlled local repository could store arbitrary
       files in the ".git" directory of the destination repository.
 .
       Thanks to Cory Snider of Mirantis for reporting this
       vulnerability and Taylor Blau for the mitigation.
 .
     * Addresses CVE-2022-39260: a long command string passed to a
       `git shell` configured to support custom commands could
       overflow and run arbitrary code.
 .
       Thanks to Kevin Backhouse of GitHub for reporting this
       vulnerability and Kevin Backhouse, Jeff King, and Taylor Blau
       for mitigating it.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----