Debian
git package

git 1:2.38.1-1 source package in Debian

Changelog

git (1:2.38.1-1) unstable; urgency=medium

  * new upstream release (closes: #1022046; see RelNotes/2.38.0.txt,
    RelNotes/2.38.1.txt).
    * Addresses the security issue CVE-2022-39253: cloning an
      attacker-controlled local repository could store arbitrary files
      in the ".git" directory of the destination repository.

      Thanks to Cory Snider of Mirantis for reporting this
      vulnerability and Taylor Blau for the mitigation.

    * Addresses CVE-2022-39260: a long command string passed to a `git
      shell` configured to support custom commands could overflow and
      run arbitrary code.

      Thanks to Kevin Backhouse of GitHub for reporting this
      vulnerability and Kevin Backhouse, Jeff King, and Taylor Blau
      for mitigating it.

 -- Jonathan Nieder <email address hidden>  Mon, 31 Oct 2022 18:32:00 -0700

Upload details

Uploaded by:
Jonathan Nieder
Uploaded to:
Sid
Original maintainer:
Jonathan Nieder
Architectures:
any all
Section:
vcs
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Builds

Downloads

File Size SHA-256 Checksum
git_2.38.1-1.dsc 2.8 KiB 500be7ab00360288196aaf434efcc15e733e90dfb02157483e48196a8d56fe89
git_2.38.1.orig.tar.xz 6.8 MiB 97ddf8ea58a2b9e0fbc2508e245028ca75911bd38d1551616b148c1aa5740ad9
git_2.38.1-1.debian.tar.xz 716.0 KiB b2aec5827639f2f939774f457414a6b46f1fce1f014f76a1a48f12a980c3baca

No changes file available.

Binary packages built by this source