[ubuntu/focal-security] git 1:2.25.1-1ubuntu3.12 (Accepted)
Leonidas S. Barbosa
leo.barbosa at canonical.com
Tue May 28 14:05:11 UTC 2024
git (1:2.25.1-1ubuntu3.12) focal-security; urgency=medium
* SECURITY UPDATE: Arbitrary code execution
- debian/patches/CVE-2024-32004.patch: detect dubious ownership of
local repositories in path.c, setup.c, setup.h.
- CVE-2024-32004
* SECURITY UPDATE: Overwrite of possible malicious hardlink
- debian/patches/CVE-2024-32020.patch: refuse clones of unsafe
repositories in builtin/clonse.c, t0033-safe-directory.sh.
- CVE-2024-32020
* SECURITY UPDATE: Unauthenticated attacker to place a repository
on their target's local system that contains symlinks
- debian/patches/CVE-2024-32021.patch: abort when hardlinked source and
target file differ in builtin/clone.c
- CVE-2024-32021
* SECURITY UPDATE: Arbitrary code execution
- debian/patches/CVE-2024-32465.patch: disable lazy-fetching by default
in builtin/upload-pack.c, promisor-remote.c
- CVE-2024-32465
Date: 2024-05-27 11:18:09.464528+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
https://launchpad.net/ubuntu/+source/git/1:2.25.1-1ubuntu3.12
-------------- next part --------------
Sorry, changesfile not available.
More information about the Focal-changes
mailing list