[ubuntu/kinetic-security] git 1:2.37.2-1ubuntu1.5 (Accepted)
Leonidas S. Barbosa
leo.barbosa at canonical.com
Mon May 1 09:43:53 UTC 2023
git (1:2.37.2-1ubuntu1.5) kinetic-security; urgency=medium
  * SECURITY UPDATE: Overwriting path
    - debian/patches/CVE-2023-25652_25815_29007/0022-*.patch: apply
      --reject overwriting existing .rej symlink if it exists in apply.c,
      t/t4115-apply-symlink.sh.
    - CVE-2023-25652
  * SECURITY UPDATE: Malicious placement of crafted messages
    - debian/patches/CVE-2023-25652_25815_29007/0024-*patch:
      avoid using gettext if the locale dir is not present in
      gettext.c.
    - CVE-2023-25815
  * SECURITY UPDATE: Arbitrary configuration injection
    - debian/patches/CVE-2023-25652_25815_29007/0025-*.patch: avoid
      fixed-sized buffer when renaming/deleting a section in config.c,
      t/t1300-config.sh.
    - debian/patches/CVE-2023-25652_25815_29007/0026-*.patch: avoid
      integer truncation in copy_or_rename_section_in_file() in config.c.
    - debian/patches/CVE-2023-25652_25815_29007/0027-*.patch: disallow
      overly-long lines in copy_or_rename_section_in_file in config.c.
    - CVE-2023-29007
Date: 2023-04-26 00:29:09.498177+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
https://launchpad.net/ubuntu/+source/git/1:2.37.2-1ubuntu1.5