
Accepted git 1:2.1.4-2.1+deb8u10 (source amd64 all) into oldoldstable



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 21 Apr 2020 09:15:00 -0400
Source: git
Binary: git git-man git-core git-doc git-arch git-cvs git-svn git-mediawiki git-email git-daemon-run git-daemon-sysvinit git-gui gitk git-el gitweb git-all
Architecture: source amd64 all
Version: 1:2.1.4-2.1+deb8u10
Distribution: jessie-security
Urgency: high
Maintainer: Gerrit Pape <pape@smarden.org>
Changed-By: Roberto C. Sanchez <roberto@debian.org>
Description:
 git        - fast, scalable, distributed revision control system
 git-all    - fast, scalable, distributed revision control system (all subpacka
 git-arch   - fast, scalable, distributed revision control system (arch interop
 git-core   - fast, scalable, distributed revision control system (obsolete)
 git-cvs    - fast, scalable, distributed revision control system (cvs interope
 git-daemon-run - fast, scalable, distributed revision control system (git-daemon s
 git-daemon-sysvinit - fast, scalable, distributed revision control system (git-daemon s
 git-doc    - fast, scalable, distributed revision control system (documentatio
 git-el     - fast, scalable, distributed revision control system (emacs suppor
 git-email  - fast, scalable, distributed revision control system (email add-on
 git-gui    - fast, scalable, distributed revision control system (GUI)
 git-man    - fast, scalable, distributed revision control system (manual pages
 git-mediawiki - fast, scalable, distributed revision control system (MediaWiki in
 git-svn    - fast, scalable, distributed revision control system (svn interope
 gitk       - fast, scalable, distributed revision control system (revision tre
 gitweb     - fast, scalable, distributed revision control system (web interfac
Changes:
 git (1:2.1.4-2.1+deb8u10) jessie-security; urgency=high
 .
   * Non-maintainer upload by the LTS Team.
   * Apply patches from 2.20.4 to address the security issue
     CVE-2020-11008.
 .
     With a crafted URL that contains a newline or empty host, or
     lacks a scheme, the credential helper machinery can be fooled
     into providing credential information that is not appropriate
     for the protocol in use and host being contacted.
 .
     Unlike the vulnerability fixed in 1:2.11.0-3+deb9u6, the
     credentials are not for a host of the attacker's choosing.
     Instead, they are for an unspecified host, based on how the
     configured credential helper handles an absent "host"
     parameter.
 .
     The attack has been made impossible by refusing to work with
     underspecified credential patterns.
 .
     Thanks to Carlo Arenas for reporting that Git was still
     vulnerable, Felix Wilhelm for providing the proof of concept
     demonstrating this issue, and Jeff King for promptly providing
     a corrected fix.
 .
     Tested using the proof of concept at
     https://crbug.com/project-zero/2021.

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----
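
Added example (not part of the upload announcement and not Git's own code): a fail-closed pre-check for the three URL defects the changelog names (newline, empty host, missing scheme), applied before a protocol/host description is built for a credential helper. The function names are hypothetical, the URLs are constructed, and the `protocol=`/`host=` lines follow the key=value format documented in git-credential(1).

```python
import re
from urllib.parse import unquote


def split_url(url):
    """Return (scheme, host[:port]); a part that is absent comes back as ''."""
    scheme, sep, rest = url.partition("://")
    if not sep:
        return "", ""
    # The authority ends at the first '/', '?' or '#'; drop any userinfo.
    authority = re.split(r"[/?#]", rest, maxsplit=1)[0]
    return scheme, authority.rpartition("@")[2]


def underspecified(url):
    """List the reasons a URL is underspecified; an empty list means it is OK."""
    reasons = []
    # Check the decoded form so raw and percent-encoded newlines both count.
    if "\n" in unquote(url):
        reasons.append("newline")
    scheme, host = split_url(url)
    if not scheme:
        reasons.append("no-scheme")
    elif not host.split(":", 1)[0]:
        reasons.append("empty-host")
    return reasons


def credential_description(url):
    """Build the protocol/host lines for a helper, refusing bad URLs outright."""
    reasons = underspecified(url)
    if reasons:
        raise ValueError(f"refusing underspecified URL {url!r}: {reasons}")
    scheme, host = split_url(url)
    return f"protocol={scheme}\nhost={host}\n"


# Constructed sample URLs, not taken from the advisory or the proof of concept.
SAMPLE_URLS = [
    "https://example.com/ok.git",
    "https:///a.git",
    "example.com/b.git",
    "https://example.com/c%0a.git",
]

if __name__ == "__main__":
    for u in SAMPLE_URLS:
        print(repr(u), underspecified(u) or "ok")
```

The check assumes HTTP(S)-style remotes; scp-style and local-path remotes have no scheme by design and need separate handling.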

