[ubuntu/focal-proposed] git 1:2.25.1-1ubuntu2 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Wed Apr 15 19:43:39 UTC 2020 

git (1:2.25.1-1ubuntu2) focal; urgency=medium

  * SECURITY UPDATE: credential helper issue with newlines in URL
    - debian/patches/CVE-2020-5260-1.patch: avoid writing values with
      newlines in credential.c, t/t0300-credentials.sh.
    - debian/patches/CVE-2020-5260-2.patch: use test_i18ncmp to check
      stderr in t/lib-credential.sh.
    - debian/patches/CVE-2020-5260-3.patch: detect unrepresentable values
      when parsing urls in credential.c, credential.h,
      t/t0300-credentials.sh.
    - debian/patches/CVE-2020-5260-4.patch: detect gitmodules URLs with
      embedded newlines in fsck.c, t/t7416-submodule-dash-url.sh.
    - CVE-2020-5260

Date: Tue, 14 Apr 2020 08:31:47 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/git/1:2.25.1-1ubuntu2
-------------- next part --------------
Format: 1.8
Date: Tue, 14 Apr 2020 08:31:47 -0400
Source: git
Architecture: source
Version: 1:2.25.1-1ubuntu2
Distribution: focal
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Changes:
 git (1:2.25.1-1ubuntu2) focal; urgency=medium
 .
   * SECURITY UPDATE: credential helper issue with newlines in URL
     - debian/patches/CVE-2020-5260-1.patch: avoid writing values with
       newlines in credential.c, t/t0300-credentials.sh.
     - debian/patches/CVE-2020-5260-2.patch: use test_i18ncmp to check
       stderr in t/lib-credential.sh.
     - debian/patches/CVE-2020-5260-3.patch: detect unrepresentable values
       when parsing urls in credential.c, credential.h,
       t/t0300-credentials.sh.
     - debian/patches/CVE-2020-5260-4.patch: detect gitmodules URLs with
       embedded newlines in fsck.c, t/t7416-submodule-dash-url.sh.
     - CVE-2020-5260
Checksums-Sha1:
 25e426c4d99c7c66abc6689cadfce939cfa385b1 2954 git_2.25.1-1ubuntu2.dsc
 61bfbdfd804ec301ca638e15ce0b38f2ccb5c6b7 642372 git_2.25.1-1ubuntu2.debian.tar.xz
 73e5efefa8a0434fc50af133a553c6fe58ebcd7c 9052 git_2.25.1-1ubuntu2_source.buildinfo
Checksums-Sha256:
 2957786f8776571a79068b51ad47fd48ec2a0a0989732c830b74b94edb5b2154 2954 git_2.25.1-1ubuntu2.dsc
 e3f784d9f295e5cc4b15d87dff302e81b15c19f5738dc782b5f0cb75016b5f9e 642372 git_2.25.1-1ubuntu2.debian.tar.xz
 846f23238ca366c4b4dbf0e2d5928c185d4681ea63a4d7846c4062e75f54580b 9052 git_2.25.1-1ubuntu2_source.buildinfo
Files:
 c2dce3690e009340ac1ff77b3abc1b98 2954 vcs optional git_2.25.1-1ubuntu2.dsc
 e6c64391e822f2abf34ecb16155f4121 642372 vcs optional git_2.25.1-1ubuntu2.debian.tar.xz
 d714e6d032afd5562b59de7dc835a149 9052 vcs optional git_2.25.1-1ubuntu2_source.buildinfo
Original-Maintainer: Jonathan Nieder <jrnieder at gmail.com>

More information about the Focal-changes mailing list