[ubuntu/kinetic-updates] git 1:2.37.2-1ubuntu1.4 (Accepted)
Ubuntu Archive Robot
ubuntu-archive-robot at lists.canonical.com
Tue Feb 14 19:28:40 UTC 2023
git (1:2.37.2-1ubuntu1.4) kinetic-security; urgency=medium

  * SECURITY UPDATE: Overwritten path and using
    local clone optimization even when using a non-local transport
    - debian/patches/CVE_2023-22490_and_23946/0002-*.patch: adjust
      a mismatch data type in attr.c.
    - debian/patches/CVE_2023-22490_and_23946/0003-*.patch: demonstrate
      clone_local() with ambiguous transport in
      t/t5619-clone-local-ambiguous-transport.sh.
    - debian/patches/CVE_2023-22490_and_23946/0004-*.patch: delay
      picking a transport until after get_repo_path() in builtin/clone.c.
    - debian/patches/CVE_2023-22490_and_23946/0005-*.patch: prevent top-level
      symlinks without FOLLOW_SYMLINKS in dir-iterator, dir-iterator.h,
      t/t0066-dir-iterator.sh, t/t5604-clone-reference.sh.
    - debian/patches/CVE_2023-22490_and_23946/0006-*.patch: fix writing behind
      newly created symbolic links in apply.c, t/t4115-apply-symlink.sh.
    - CVE-2023-22490
    - CVE-2023-23946

Date: 2023-02-08 16:59:14.833038+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/git/1:2.37.2-1ubuntu1.4