[ubuntu/focal-proposed] git 1:2.25.1-1ubuntu3 (Accepted)
Marc Deslauriers
marc.deslauriers at ubuntu.com
Tue Apr 21 08:33:30 UTC 2020
git (1:2.25.1-1ubuntu3) focal; urgency=medium

  * SECURITY UPDATE: credential helper issue with missing host or scheme
    - debian/patches/CVE-2020-11008-1.patch: make "quit" helper more
      realistic in t/t0300-credentials.sh.
    - debian/patches/CVE-2020-11008-2.patch: use more realistic inputs in
      t/t0300-credentials.sh.
    - debian/patches/CVE-2020-11008-3.patch: parse URL without host as
      empty host, not unset in credential.c, http.c,
      t/t0300-credentials.sh.
    - debian/patches/CVE-2020-11008-4.patch: refuse to operate when missing
      host or protocol in credential.c, t/t0300-credentials.sh.
    - debian/patches/CVE-2020-11008-5.patch: convert gitmodules url to URL
      passed to curl in fsck.c, t/t7416-submodule-dash-url.sh.
    - debian/patches/CVE-2020-11008-6.patch: die() when parsing invalid
      urls in credential.c, t/t0300-credentials.sh.
    - debian/patches/CVE-2020-11008-7.patch: treat URL without scheme as
      invalid in credential.c, fsck.c, t/t5550-http-fetch-dumb.sh,
      t/t7416-submodule-dash-url.sh.
    - debian/patches/CVE-2020-11008-8.patch: treat URL with empty scheme as
      invalid in credential.c, t/t5550-http-fetch-dumb.sh,
      t/t7416-submodule-dash-url.sh.
    - debian/patches/CVE-2020-11008-9.patch: reject URL with empty host in
      .gitmodules in fsck.c, t/t7416-submodule-dash-url.sh.
    - CVE-2020-11008

Date: Mon, 20 Apr 2020 11:50:03 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/git/1:2.25.1-1ubuntu3
-------------- next part --------------
Format: 1.8
Date: Mon, 20 Apr 2020 11:50:03 -0400
Source: git
Architecture: source
Version: 1:2.25.1-1ubuntu3
Distribution: focal
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Checksums-Sha1:
e6c06f020afa9e013e756c05eacd2fe6a00538db 2954 git_2.25.1-1ubuntu3.dsc
e1039ba344e29873906245023119ede2189d55a7 650520 git_2.25.1-1ubuntu3.debian.tar.xz
a8059d655b8e2e0c38b1eb7558014fa0de508552 9062 git_2.25.1-1ubuntu3_source.buildinfo
Checksums-Sha256:
7f47dc333299979e969f9b87a8cfd8926312e6bee01e44eef6d5a60c19bc7316 2954 git_2.25.1-1ubuntu3.dsc
384e8710d6136d7b0b2541cc950de8a0b9f8bc680cc7b889b059eb758b35792c 650520 git_2.25.1-1ubuntu3.debian.tar.xz
74fa4793160b99c6a262387c812d91d6405fda18071fc48706902a8b441c3a97 9062 git_2.25.1-1ubuntu3_source.buildinfo
Files:
f4518ddf9bc7481b552e14d5e83fb9be 2954 vcs optional git_2.25.1-1ubuntu3.dsc
5941874cb4ac78b329598c846b30e2e9 650520 vcs optional git_2.25.1-1ubuntu3.debian.tar.xz
fecc1b22948116ec0a1a0dc59ea4623e 9062 vcs optional git_2.25.1-1ubuntu3_source.buildinfo
Original-Maintainer: Jonathan Nieder <jrnieder at gmail.com>