Accepted git 1:2.38.1-1 (source) into unstable

To: debian-devel-changes@lists.debian.org
Subject: Accepted git 1:2.38.1-1 (source) into unstable
From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
Date: Tue, 01 Nov 2022 02:34:48 +0000
Message-id: <[🔎] E1oph72-00ByAO-T3@fasolo.debian.org>
Mail-followup-to: debian-devel@lists.debian.org
Reply-to: debian-devel@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 31 Oct 2022 18:32:00 -0700
Source: git
Architecture: source
Version: 1:2.38.1-1
Distribution: unstable
Urgency: medium
Maintainer: Jonathan Nieder <jrnieder@gmail.com>
Changed-By: Jonathan Nieder <jrnieder@gmail.com>
Closes: 1022046
Changes:
 git (1:2.38.1-1) unstable; urgency=medium
 .
   * new upstream release (closes: #1022046; see RelNotes/2.38.0.txt,
     RelNotes/2.38.1.txt).
     * Addresses the security issue CVE-2022-39253: cloning an
       attacker-controlled local repository could store arbitrary files
       in the ".git" directory of the destination repository.
 .
       Thanks to Cory Snider of Mirantis for reporting this
       vulnerability and Taylor Blau for the mitigation.
 .
     * Addresses CVE-2022-39260: a long command string passed to a `git
       shell` configured to support custom commands could overflow and
       run arbitrary code.
 .
       Thanks to Kevin Backhouse of GitHub for reporting this
       vulnerability and Kevin Backhouse, Jeff King, and Taylor Blau
       for mitigating it.
Checksums-Sha1:
 449c41de458306bfdb5c3799304325abedf3c1b4 2825 git_2.38.1-1.dsc
 a1886780a89423ddb600e141d44751480eb1413f 7088208 git_2.38.1.orig.tar.xz
 488bf4953a4480e6bcbc0f751caede0e2b938cd0 733140 git_2.38.1-1.debian.tar.xz
 4ff32dc38d82a5ee5c99a9c3e98de859830a1e00 12288 git_2.38.1-1_amd64.buildinfo
Checksums-Sha256:
 500be7ab00360288196aaf434efcc15e733e90dfb02157483e48196a8d56fe89 2825 git_2.38.1-1.dsc
 97ddf8ea58a2b9e0fbc2508e245028ca75911bd38d1551616b148c1aa5740ad9 7088208 git_2.38.1.orig.tar.xz
 b2aec5827639f2f939774f457414a6b46f1fce1f014f76a1a48f12a980c3baca 733140 git_2.38.1-1.debian.tar.xz
 07d50f78c51a4b7ab5aeb01f35a509a0b612f926c2ec73de495a05f8af80137c 12288 git_2.38.1-1_amd64.buildinfo
Files:
 af8a914ca17fccdf2bb81a9ccd0f0e52 2825 vcs optional git_2.38.1-1.dsc
 abdafbfb85d205421903a2100c734b17 7088208 vcs optional git_2.38.1.orig.tar.xz
 0f6b1dbbd7cf870b4433769c3d72e6a0 733140 vcs optional git_2.38.1-1.debian.tar.xz
 ccb61ddd515c72e896217e91166c5652 12288 vcs optional git_2.38.1-1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJHBAEBCAAxFiEEUh5Y8X6W1xKqD/EC38Zx7rMz+iUFAmNge4MTHGpybmllZGVy
QGdtYWlsLmNvbQAKCRDfxnHuszP6JZmhEACXloP5VyGShmkzXieZfdL+SE+8eURk
JQ3Xuh6/Nzm0sdpHBcO1AQqlLoOJ9X/vx1BPZAW+B8j2SGYv96LmshkZebCb/j81
/8jhG+9y6Aip8zFCvHQ+wYqkgg3JTkeDEjNjvNx5tkvZpd8+Hf6Ou1J1nBfhnVTH
f7mceBwaJRoXB77fFDH4ypx3KrHkmJRYQh69PmQbOP/PcFEV9x0K7fjnlzTrmTvP
9vMckRQJjBlE8qPge/f5Pcr9l5JzUaOtnh6nz8jqvERb6F27mczjwajHvr+TuUH6
Hx041mhspnmBiDcsYQoqUA6dsoai5fDuTj4NU9ROzz6I/Tze8tuXaCyjnBJzfxyj
jJU8fXE1sYJ6GYLg55F+Py6SeJLhshXVfqyjxKNxVU7qF97RBfbE1jqFE8EBxYzV
be916Km2zScRqbhjIrbAt7SXYvN6eJZ2FgFp+z4SXytvF8n3LqQFBfWSNQ5Dyt7N
q8VyuTyfEI3FFc+EyWhRKu6k8jrXbTgDYxxPz1i+3k/EMZVbwvE/pjqQ+vljyQg2
K3O2MCyWtfxgwn7eaxv6s/+5O25gQVQQD4qaBX2j94cb3F2fz94fLy6QcKrXlu38
LzlFeRNNLwPp6U1hEGMCOLW4JxlMzKfo4ZR6fi310l4t0A3047vKsZriAxRS+yPE
fUVaUCFp0SwxmQ==
=pgxD
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: Accepted lme4 1.1-31-1 (source) into unstable
Next by Date: Accepted shaarli 0.12.1+dfsg-6 (source) into unstable
Previous by thread: Accepted lme4 1.1-31-1 (source) into unstable
Next by thread: Accepted shaarli 0.12.1+dfsg-6 (source) into unstable
Index(es):
- Date
- Thread