[ubuntu/lunar-proposed] git 1:2.38.1-1ubuntu1 (Accepted)
Steve Langasek
steve.langasek at ubuntu.com
Mon Nov 7 23:53:15 UTC 2022
git (1:2.38.1-1ubuntu1) lunar; urgency=low

  * Merge from Debian unstable. Remaining changes:
    - Build diff-highlight in the contrib dir
    - Don't build-depend on subversion on i386, it is not reasonable to
      support on the partial arch.

git (1:2.38.1-1) unstable; urgency=medium

  * new upstream release (closes: #1022046; see RelNotes/2.38.0.txt,
    RelNotes/2.38.1.txt).
    * Addresses the security issue CVE-2022-39253: cloning an
      attacker-controlled local repository could store arbitrary files
      in the ".git" directory of the destination repository.

      Thanks to Cory Snider of Mirantis for reporting this
      vulnerability and Taylor Blau for the mitigation.

    * Addresses CVE-2022-39260: a long command string passed to a `git
      shell` configured to support custom commands could overflow and
      run arbitrary code.

      Thanks to Kevin Backhouse of GitHub for reporting this
      vulnerability and Kevin Backhouse, Jeff King, and Taylor Blau
      for mitigating it.

Date: Mon, 07 Nov 2022 15:50:56 -0800
Changed-By: Steve Langasek <steve.langasek at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/git/1:2.38.1-1ubuntu1
-------------- next part --------------
Format: 1.8
Date: Mon, 07 Nov 2022 15:50:56 -0800
Source: git
Built-For-Profiles: noudeb
Architecture: source
Version: 1:2.38.1-1ubuntu1
Distribution: lunar
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Steve Langasek <steve.langasek at ubuntu.com>
Closes: 1022046
Changes:
 git (1:2.38.1-1ubuntu1) lunar; urgency=low
 .
   * Merge from Debian unstable. Remaining changes:
     - Build diff-highlight in the contrib dir
     - Don't build-depend on subversion on i386, it is not reasonable to
       support on the partial arch.
 .
 git (1:2.38.1-1) unstable; urgency=medium
 .
   * new upstream release (closes: #1022046; see RelNotes/2.38.0.txt,
     RelNotes/2.38.1.txt).
     * Addresses the security issue CVE-2022-39253: cloning an
       attacker-controlled local repository could store arbitrary files
       in the ".git" directory of the destination repository.
 .
       Thanks to Cory Snider of Mirantis for reporting this
       vulnerability and Taylor Blau for the mitigation.
 .
     * Addresses CVE-2022-39260: a long command string passed to a `git
       shell` configured to support custom commands could overflow and
       run arbitrary code.
 .
       Thanks to Kevin Backhouse of GitHub for reporting this
       vulnerability and Kevin Backhouse, Jeff King, and Taylor Blau
       for mitigating it.
Original-Maintainer: Jonathan Nieder <jrnieder at gmail.com>