
Accepted git 1:2.1.4-2.1+deb8u7 (source amd64 all) into oldstable



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 05 Oct 2018 00:41:17 -0700
Source: git
Binary: git git-man git-core git-doc git-arch git-cvs git-svn git-mediawiki git-email git-daemon-run git-daemon-sysvinit git-gui gitk git-el gitweb git-all
Architecture: source amd64 all
Version: 1:2.1.4-2.1+deb8u7
Distribution: jessie-security
Urgency: high
Maintainer: Gerrit Pape <pape@smarden.org>
Changed-By: Jonathan Nieder <jrnieder@gmail.com>
Description:
 git        - fast, scalable, distributed revision control system
 git-all    - fast, scalable, distributed revision control system (all subpacka
 git-arch   - fast, scalable, distributed revision control system (arch interop
 git-core   - fast, scalable, distributed revision control system (obsolete)
 git-cvs    - fast, scalable, distributed revision control system (cvs interope
 git-daemon-run - fast, scalable, distributed revision control system (git-daemon s
 git-daemon-sysvinit - fast, scalable, distributed revision control system (git-daemon s
 git-doc    - fast, scalable, distributed revision control system (documentatio
 git-el     - fast, scalable, distributed revision control system (emacs suppor
 git-email  - fast, scalable, distributed revision control system (email add-on
 git-gui    - fast, scalable, distributed revision control system (GUI)
 git-man    - fast, scalable, distributed revision control system (manual pages
 git-mediawiki - fast, scalable, distributed revision control system (MediaWiki in
 git-svn    - fast, scalable, distributed revision control system (svn interope
 gitk       - fast, scalable, distributed revision control system (revision tre
 gitweb     - fast, scalable, distributed revision control system (web interfac
Changes:
 git (1:2.1.4-2.1+deb8u7) jessie-security; urgency=high
 .
   * Fix CVE-2018-17456, arbitrary code execution via submodule URLs
     and paths in .gitmodules file:
     - submodule: ban submodule urls that start with a dash
     - submodule: ban submodule paths that start with a dash
     - submodule: use "--" to signal end of clone options
     - fsck: detect submodule urls that start with a dash
     - fsck: detect submodule paths that start with a dash
 .
     Thanks to joernchen of Phenoelit for discovering and reporting
     this vulnerability and to Jeff King for fixing it.
 .
   * Correct incomplete shell command injection fix in git cvsimport in
     1:2.1.4-2.1+deb8u5.  A malicious CVS server could trigger
     arbitrary code execution by a user running "git cvsimport".
     - cvsimport: apply shell-quoting regex globally
 .
     Thanks to littlelailo for discovering this vulnerability and to
     Jeff King for fixing it.
 .
   * fsck: error out when .gitmodules is a symbolic link, completing
     the backport of the patch "fsck: complain when .gitmodules is a
     symlink" in 1:2.1.4-2.1+deb8u6.  Thanks to Pavel Cahyna for the
     report and patch.
Checksums-Sha1:
Checksums-Sha256:
Files:

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----
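
The checks named in the CVE-2018-17456 changelog entry above, sketched as an added example (not part of the original announcement and not Git's or Debian's code): it flags `url` and `path` values in a `.gitmodules` file that start with a dash, and builds a clone argument list with `--` placed before the positional arguments. The function names, the simplified parser and the sample file are assumptions made for illustration.

```python
import re

# Constructed sample .gitmodules (not from any real repository).
SAMPLE_GITMODULES = '''\
[submodule "docs"]
    path = docs
    url = https://example.org/docs.git
[submodule "vendored"]
    path = -vendored
    url = --example-option=value
'''

SECTION_RE = re.compile(r'^\[submodule\s+"(?P<name>[^"]*)"\]$')
KEYVAL_RE = re.compile(r'^(?P<key>[A-Za-z][A-Za-z0-9-]*)\s*=\s*(?P<value>.*)$')


def parse_gitmodules(text):
    """Return {submodule name: {key: value}} for a simple .gitmodules file."""
    modules, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("["):
            # Keys under any non-submodule section are ignored.
            section = SECTION_RE.match(line)
            current = modules.setdefault(section.group("name"), {}) if section else None
            continue
        keyval = KEYVAL_RE.match(line)
        if keyval and current is not None:
            current[keyval.group("key").lower()] = keyval.group("value").strip()
    return modules


def find_dash_values(text):
    """Return (name, key, value) for each url/path that starts with a dash."""
    findings = []
    for name, settings in parse_gitmodules(text).items():
        for key in ("url", "path"):
            value = settings.get(key, "")
            if value.startswith("-"):
                findings.append((name, key, value))
    return findings


def clone_argv(url, path):
    """Build the clone argument list with "--" ending option parsing."""
    if url.startswith("-") or path.startswith("-"):
        raise ValueError("submodule url and path must not start with a dash")
    return ["git", "clone", "--", url, path]
```

Run over repositories fetched by hosts that have not yet received this update, `find_dash_values` gives a quick indication of `.gitmodules` entries that the patched `git fsck` would reject.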

