Accepted git 1:2.11.0-3+deb9u6 (source all amd64) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sun, 12 Apr 2020 17:49:00 -0700
Source: git
Binary: git git-man git-core git-doc git-arch git-cvs git-svn git-mediawiki git-email git-daemon-run git-daemon-sysvinit git-gui gitk git-el gitweb git-all
Architecture: source all amd64
Version: 1:2.11.0-3+deb9u6
Distribution: stretch-security
Urgency: high
Maintainer: Gerrit Pape <pape@smarden.org>
Changed-By: Jonathan Nieder <jrnieder@gmail.com>
Description:
 git        - fast, scalable, distributed revision control system
 git-all    - fast, scalable, distributed revision control system (all subpacka
 git-arch   - fast, scalable, distributed revision control system (arch interop
 git-core   - fast, scalable, distributed revision control system (obsolete)
 git-cvs    - fast, scalable, distributed revision control system (cvs interope
 git-daemon-run - fast, scalable, distributed revision control system (git-daemon s
 git-daemon-sysvinit - fast, scalable, distributed revision control system (git-daemon s
 git-doc    - fast, scalable, distributed revision control system (documentatio
 git-el     - fast, scalable, distributed revision control system (emacs suppor
 git-email  - fast, scalable, distributed revision control system (email add-on
 git-gui    - fast, scalable, distributed revision control system (GUI)
 git-man    - fast, scalable, distributed revision control system (manual pages
 git-mediawiki - fast, scalable, distributed revision control system (MediaWiki re
 git-svn    - fast, scalable, distributed revision control system (svn interope
 gitk       - fast, scalable, distributed revision control system (revision tre
 gitweb     - fast, scalable, distributed revision control system (web interfac
Changes:
 git (1:2.11.0-3+deb9u6) stretch-security; urgency=high
 .
   [ Salvatore Bonaccorso ]
   * Apply patches from 2.20.3 to address the security issue
     CVE-2020-5260.
 .
     With a crafted URL that contains a newline, the credential
     helper machinery can be fooled to supply credential information
     for the wrong host.  The attack has been made impossible by
     forbidding a newline character in any value passed via the
     credential protocol.
 .
     Thanks to Felix Wilhelm of Google Project Zero for finding
     this vulnerability and Jeff King for fixing it.
 .
   [ Jonathan Nieder ]
   * Apply security-relevant changes from 2.11.1:
     * doc: mention transfer data leaks in more places (thx to Matt
       McCutchen).
     * remote-curl: don't hang when a server dies before any output
       (thx to David Turner).
     * merge: avoid crlf handling related NULL dereference (thx to
       Markus Klein and Johannes Schindelin).
     * http: avoid private repository theft by mixing repositories
       (thx to Jann Horn of Google Project Zero).
     * avoid under-allocation in shallow clone code (thx to Rasmus
       Villemoes).
     * git-svn: allow "0" in SVN path components (thx to Eric Wong).
     * config: handle errors from fstat (thx to Josh Bleecher Snyder
       and Nguyễn Thái Ngọc Duy).
     * git_exec_path: do not return the result of getenv (thx to Jeff
       King).
   * Apply security-relevant changes from 2.12.1, 2.12.2, 2.12.3:
     * show-branch: avoid buffer overflow on long current branch name
       (thx to Jeff King).
     * ident: handle NULL email when complaining of empty name (thx to
       Jeff King).
     * log -L: use COPY_ARRAY to fix mis-sized memcpy on ILP32 systems
       (thx to Vegard Nossum).
     * dumb http: fix buffer underflow processing remote alternates
       (thx to Jeff King).
     * log -S: avoid out-of-bounds read with -S --pickaxe-regex (thx
       to SZEDER Gábor).
   * Apply security- and portability-relevant changes from 2.13.1,
     2.13.3, 2.13.4:
     * checkout, am: avoid NULL pointer dereference when HEAD is
       invalid (thx to René Scharfe).
     * pack-bitmap: don't perform unaligned memory access (thx to
       James Clarke).
     * apply: avoid out of bounds reads when processing malformed
       patches (thx to Vegard Nossum and René Scharfe).
     * log -g: avoid use-after-free when reading empty reflog in
       date order (thx to Jeff King).
   * Apply security-relevant changes from 2.14.3:
     * avoid reading uninitialized memory when HEAD is too short
       (thx to Jeff King).
     * fsck: avoid NULL pointer dereference when encountering
       objects of unexpected type (thx to SZEDER Gábor and René
       Scharfe).

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----
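
Added example, not part of the original announcement and not git's own code: a minimal C sketch of the CVE-2020-5260 fix described in the changelog, where the credential protocol's "key=value" lines are written only if the value contains no newline. The function names, the sample value and the "last line wins" helper-side lookup are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Pre-fix style writer: emits "key=value\n" without inspecting value. */
int write_item_unchecked(char *out, size_t cap, const char *key, const char *value)
{
    size_t used = strlen(out);
    int n = snprintf(out + used, cap - used, "%s=%s\n", key, value);
    if (n < 0 || (size_t)n >= cap - used) { out[used] = '\0'; return -1; }
    return 0;
}

/* Post-fix style writer: a newline in the value would start a new
 * protocol line, so refuse it before anything is written. */
int write_item_checked(char *out, size_t cap, const char *key, const char *value)
{
    if (strchr(value, '\n'))
        return -1;
    return write_item_unchecked(out, cap, key, value);
}

/* Helper-side view (assumed: later lines override earlier ones).
 * Copies the value of the last "key=" line into dst; returns 1 if found. */
int lookup_last(const char *msg, const char *key, char *dst, size_t cap)
{
    size_t klen = strlen(key);
    int found = 0;
    while (*msg) {
        const char *eol = strchr(msg, '\n');
        size_t len = eol ? (size_t)(eol - msg) : strlen(msg);
        if (len > klen && !strncmp(msg, key, klen) && msg[klen] == '=') {
            snprintf(dst, cap, "%.*s", (int)(len - klen - 1), msg + klen + 1);
            found = 1;
        }
        msg += len + (eol ? 1 : 0);
    }
    return found;
}

int main(void)
{
    const char *v = "example.com\nhost=other.example"; /* constructed sample */
    char msg[128] = "", seen[64] = "";
    write_item_unchecked(msg, sizeof msg, "host", v);
    lookup_last(msg, "host", seen, sizeof seen);
    printf("unchecked: helper sees host=%s; checked returns %d\n",
           seen, write_item_checked(msg, sizeof msg, "host", v));
    return 0;
}
```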