[ubuntu/noble-security] git 1:2.43.0-1ubuntu7.1 (Accepted)
Leonidas S. Barbosa
leo.barbosa at canonical.com
Tue May 28 14:04:55 UTC 2024
git (1:2.43.0-1ubuntu7.1) noble-security; urgency=medium
* SECURITY UPDATE: Facilitation of arbitrary code execution
- debian/patches/CVE-2024-32002.patch: submodule paths
must not contains symlinks in builtin/submodule--helper.c.
- CVE-2024-32002
* SECURITY UPDATE: Arbitrary code execution
- debian/patches/CVE-2024-32004.patch: detect dubious ownership of
local repositories in path.c, setup.c, setup.h.
- CVE-2024-32004
* SECURITY UPDATE: Overwrite of possible malicious hardlink
- debian/patches/CVE-2024-32020.patch: refuse clones of unsafe
repositories in builtin/clonse.c, t0033-safe-directory.sh.
- CVE-2024-32020
* SECURITY UPDATE: Unauthenticated attacker to place a repository
on their target's local system that contains symlinks
- debian/patches/CVE-2024-32021.patch: abort when hardlinked source and
target file differ in builtin/clone.c
- CVE-2024-32021
* SECURITY UPDATE: Arbitrary code execution
- debian/patches/CVE-2024-32465.patch: disable lazy-fetching by default
in builtin/upload-pack.c, promisor-remote.c
- CVE-2024-32465
Date: 2024-05-20 16:32:12.034654+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
https://launchpad.net/ubuntu/+source/git/1:2.43.0-1ubuntu7.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the noble-changes
mailing list