[ubuntu/kinetic-proposed] git 1:2.36.1-1ubuntu2 (Accepted)

Leonidas Da Silva Barbosa leo.barbosa at canonical.com
Fri Jul 15 13:56:14 UTC 2022 

git (1:2.36.1-1ubuntu2) kinetic; urgency=medium

  * SECURITY UPDATE: Potential arbitrary code execution
    - debian/patches/CVE-2022-29187-1.patch: adds test to
      regression git needs safe.directory when using sudo in
      t/t0034-root-safe-directory.sh.
    - debian/patches/CVE-2022-29187-2.patch: avoid failing dir ownership
      checks if running privileged in git-compat-util.h,
      t/t0034-root-safe-directory.sh.
    - debian/patches/CVE-2022-29187-3.patch: add negative tests
      and allow git init to mostly work under sudo in
      t/lib-sudo.sh b/t/lib-sudo.sh.
    - debian/patches/CVE-2022-29187-4.patch: allow root
      to access both SUDO_UID and root owned in git-compat-util.h,
      t/t0034-root-safe-directory.sh.
    - debian/patches/CVE-2022-29187-6.patch: tighten ownership checks
      post CVE-2022-24765 in setup.c.
    - CVE-2022-29187

Date: Thu, 14 Jul 2022 15:05:33 -0300
Changed-By: Leonidas Da Silva Barbosa <leo.barbosa at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/git/1:2.36.1-1ubuntu2
-------------- next part --------------
Format: 1.8
Date: Thu, 14 Jul 2022 15:05:33 -0300
Source: git
Built-For-Profiles: noudeb
Architecture: source
Version: 1:2.36.1-1ubuntu2
Distribution: kinetic
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Leonidas Da Silva Barbosa <leo.barbosa at canonical.com>
Changes:
 git (1:2.36.1-1ubuntu2) kinetic; urgency=medium
 .
   * SECURITY UPDATE: Potential arbitrary code execution
     - debian/patches/CVE-2022-29187-1.patch: adds test to
       regression git needs safe.directory when using sudo in
       t/t0034-root-safe-directory.sh.
     - debian/patches/CVE-2022-29187-2.patch: avoid failing dir ownership
       checks if running privileged in git-compat-util.h,
       t/t0034-root-safe-directory.sh.
     - debian/patches/CVE-2022-29187-3.patch: add negative tests
       and allow git init to mostly work under sudo in
       t/lib-sudo.sh b/t/lib-sudo.sh.
     - debian/patches/CVE-2022-29187-4.patch: allow root
       to access both SUDO_UID and root owned in git-compat-util.h,
       t/t0034-root-safe-directory.sh.
     - debian/patches/CVE-2022-29187-6.patch: tighten ownership checks
       post CVE-2022-24765 in setup.c.
     - CVE-2022-29187
Checksums-Sha1:
 1d1f68a062d52e9d0348e860c39970eb691c8c0e 2919 git_2.36.1-1ubuntu2.dsc
 1c2c5f0b528419a0bff259cae472c1222a8b0cf9 727204 git_2.36.1-1ubuntu2.debian.tar.xz
 e73dfdcb56342251d8571dd3c98506ad74e29b80 8938 git_2.36.1-1ubuntu2_source.buildinfo
Checksums-Sha256:
 3dc6f84bc46eff90ee058aa74de1a3ebb0d6b0eda14520003a3209f6134768c3 2919 git_2.36.1-1ubuntu2.dsc
 103ec514aaa00042cd8ea98dc7d310dd4fd438bfdf5857e0aa14f2b6b768414c 727204 git_2.36.1-1ubuntu2.debian.tar.xz
 c3a56c84c0e63a66d8910243b03ae4281e63fa6069bb78d50f1ec17630b2548f 8938 git_2.36.1-1ubuntu2_source.buildinfo
Files:
 e3842cd93efc00994116c07a745a1e92 2919 vcs optional git_2.36.1-1ubuntu2.dsc
 fb8c1e097d88f37dfacd38ff5ece4745 727204 vcs optional git_2.36.1-1ubuntu2.debian.tar.xz
 a692c37688a67620910204453ebbff52 8938 vcs optional git_2.36.1-1ubuntu2_source.buildinfo
Original-Maintainer: Jonathan Nieder <jrnieder at gmail.com>

More information about the kinetic-changes mailing list