[ubuntu/jammy-updates] git 1:2.34.1-1ubuntu1.11 (Accepted)

Ubuntu Archive Robot ubuntu-archive-robot at lists.canonical.com
Tue May 28 15:28:24 UTC 2024


git (1:2.34.1-1ubuntu1.11) jammy-security; urgency=medium

  * SECURITY UPDATE: Facilitation of arbitrary code execution
    - debian/patches/CVE-2024-32002.patch: submodule paths
      must not contains symlinks in builtin/submodule--helper.c.
    - CVE-2024-32002
  * SECURITY UPDATE: Arbitrary code execution
    - debian/patches/CVE-2024-32004.patch: detect dubious ownership of
      local repositories in path.c, setup.c, setup.h.
    - CVE-2024-32004
  * SECURITY UPDATE: Overwrite of possible malicious hardlink
    - debian/patches/CVE-2024-32020.patch: refuse clones of unsafe
      repositories in builtin/clonse.c, t0033-safe-directory.sh.
    - CVE-2024-32020
  * SECURITY UPDATE: Unauthenticated attacker to place a repository
    on their target's local system that contains symlinks
    - debian/patches/CVE-2024-32021.patch: abort when hardlinked source and
      target file differ in builtin/clone.c
    - CVE-2024-32021
  * SECURITY UPDATE: Arbitrary code execution
    - debian/patches/CVE-2024-32465.patch: disable lazy-fetching by default
      in builtin/upload-pack.c, promisor-remote.c
    - CVE-2024-32465

Date: 2024-05-21 17:22:10.048889+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/git/1:2.34.1-1ubuntu1.11
-------------- next part --------------
Sorry, changesfile not available.


More information about the jammy-changes mailing list