[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Accepted git 1:2.50.1-0.1 (source) into unstable

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 29 Jul 2025 20:54:28 +0300
Source: git
Architecture: source
Version: 1:2.50.1-0.1
Distribution: unstable
Urgency: medium
Maintainer: Jonathan Nieder <jrnieder@gmail.com>
Changed-By: Adrian Bunk <bunk@debian.org>
Closes: 1108983
Changes:
 git (1:2.50.1-0.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * New upstream release.
     - CVE-2025-27613: gitk: file creation/truncation after cloning
       untrusted repository
     - CVE-2025-27614: gitk: user can be tricked into running any
       script after cloning untrusted repository
     - CVE-2025-46835: git-gui: file creation/overwriting after
       cloning untrusted repository
     - CVE-2025-48384: script execution after cloning untrusted
       repository
     - CVE-2025-48385: protocol injection when fetching
     - Closes: #1108983
Checksums-Sha1:
 b505838c95886bd3a4afe258830291a4225a565a 2676 git_2.50.1-0.1.dsc
 54416ce0aee97292caaf89ec8fb313c1ea825c2f 7880972 git_2.50.1.orig.tar.xz
 008af8c413400e3837805fdb4d2987d1c34fac84 811604 git_2.50.1-0.1.debian.tar.xz
Checksums-Sha256:
 924b0830bb42a17e36770fbff890a56ce990e3e55eab1672e0823669c4ce35e8 2676 git_2.50.1-0.1.dsc
 7e3e6c36decbd8f1eedd14d42db6674be03671c2204864befa2a41756c5c8fc4 7880972 git_2.50.1.orig.tar.xz
 66bd1e928719ce7c84c5eaee180c90da41df0e7c42ffb1c4a150319b501b3a1b 811604 git_2.50.1-0.1.debian.tar.xz
Files:
 9ea8eb4ac51608880884f2679124eafb 2676 vcs optional git_2.50.1-0.1.dsc
 2cb96fae126d66f8ff23a68f8dd5d748 7880972 vcs optional git_2.50.1.orig.tar.xz
 8a5c90661d193c6ba35b0cd41b8e9a81 811604 vcs optional git_2.50.1-0.1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmiJUxEACgkQiNJCh6LY
mLHl+g/+MIoeTTJd2wq2hDXjV/ya11VD7+tP3JKJu7J1K+VDxKMtd7jMt9zFEeTP
yvnJJhkztWedoMXvwdHSU16OyjkPMCb9g8siPsvuFeL+DFRaHzaaqccXsF58egQR
Em4qV2UTxNihtyPELThD0heMySv9PqYXgT2DRHBf8AYZIF49n/shOqwWg93VJrPs
IeWP/HwkxWiZILcgUxdvUHzUM72wPJHdeHVJ3bYpP4dGSWtRgAWO1a/5y/rKiLv+
IPcJWN6vwFairrz80XJ+JpDs7Nd6WRSC/QgaAuBEvG6W0CNJ4exBDBrbOZ1rSuvq
5f/Cirn/83Hvyg+WnbaxIzULhG6hMLP8s8qWy6hXyGPDRK62zQhStRwMfb5jbKl5
X/4fbBU2Wtbrvkf9YEVmmrnL0+STxNOMAHDRXesKvmIsHh6Gm9hsEr13YPKhHBKM
RZBJbZXUdJwbXCKlyfc5XQc9AwM42BDZ+dvDGNbi/C/Y1Cnah6i+ZlBKY5ARousW
dmnNRsNg7pKgpAW+LHQ+faJJ0O9cpgmd8o7G3ALWxktzrENTUmLiBP45uuGJJm/7
VjebNCGhC+zXqwPwSfWnYAy2/qESEVZ2vn0JOPBBnA2Y6sdQg3bAkr7suwvLUnpu
TGv701LZeFYqElFXilTxa73YIXt80wKsmiMZAC2AD2ID6ZXw1I4=
=BpgQ
-----END PGP SIGNATURE-----

Attachment: pgpVJTyyBZQij.pgp
Description: PGP signature

Reply to: