[ubuntu/jammy-security] git 1:2.34.1-1ubuntu1.8 (Accepted)
Leonidas S. Barbosa
leo.barbosa at canonical.com
Tue Feb 14 18:39:50 UTC 2023
git (1:2.34.1-1ubuntu1.8) jammy-security; urgency=medium
* SECURITY UPDATE: Overwritten path and using
local clone optimization even when using a non-local transport
- debian/patches/CVE_2023-22490_and_23946/0002-*.patch: adjust
a mismatch data type in attr.c.
- debian/patches/CVE_2023-22490_and_23946/0003-*.patch: demonstrate
clone_local() with ambiguous transport in
t/t5619-clone-local-ambiguous-transport.sh.
- debian/patches/CVE_2023-22490_and_23946/0004-*.patch: delay
picking a transport until after get_repo_path() in builtin/clone.c.
- debian/patches/CVE_2023-22490_and_23946/0005-*.patch: prevent top-level
symlinks without FOLLOW_SYMLINKS in dir-iterator, dir-iterator.h,
t/t0066-dir-iterator.sh, t/t5604-clone-reference.sh.
- debian/patches/CVE_2023-22490_and_23946/0006-*.patch: fix writing behind
newly created symbolic links in apply.c, t/t4115-apply-symlink.sh.
- CVE-2023-22490
- CVE-2023-23946
Date: 2023-02-08 16:59:18.565376+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
https://launchpad.net/ubuntu/+source/git/1:2.34.1-1ubuntu1.8
-------------- next part --------------
Sorry, changesfile not available.
More information about the jammy-changes
mailing list