[ubuntu/kinetic-updates] git 1:2.37.2-1ubuntu1.5 (Accepted)

Ubuntu Archive Robot ubuntu-archive-robot at lists.canonical.com
Mon May 1 10:28:42 UTC 2023


git (1:2.37.2-1ubuntu1.5) kinetic-security; urgency=medium

  * SECURITY UPDATE: Overwriting path
    - debian/patches/CVE-2023-25652_25815_29007/0022-*.patch: apply
      --reject overwriting existing .rej symlink if it exists in apply.c,
      t/t4115-apply-symlink.sh.
    - CVE-2023-25652
  * SECURITY UPDATE: Malicious placement of crafted messages
    - debian/patches/CVE-2023-25652_25815_29007/0024-*patch:
      avoid using gettext if the locale dir is not present in
      gettext.c.
    - CVE-2023-25815
  * SECURITY UPDATE: Arbitrary configuration injection
    - debian/patches/CVE-2023-25652_25815_29007/0025-*.patch: avoid
      fixed-sized buffer when renaming/deleting a section in config.c,
      t/t1300-config.sh.
    - debian/patches/CVE-2023-25652_25815_29007/0026-*.patch: avoid
      integer truncation in copy_or_rename_section_in_file() in config.c.
    - debian/patches/CVE-2023-25652_25815_29007/0027-*.patch: disallow
      overly-long lines in copy_or_rename_section_in_file in config.c.
    - CVE-2023-29007

Date: 2023-04-26 00:29:09.498177+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/git/1:2.37.2-1ubuntu1.5