Accepted git 1:2.20.1-2+deb10u4 (source) into oldstable

To: debian-lts-changes@lists.debian.org, dispatch@tracker.debian.org
Subject: Accepted git 1:2.20.1-2+deb10u4 (source) into oldstable
From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
Date: Mon, 10 Oct 2022 22:00:21 +0000
Message-id: <[🔎] E1oi0ov-008EHT-Tg@seger.debian.org>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 10 Oct 2022 23:42:09 CEST
Source: git
Architecture: source
Version: 1:2.20.1-2+deb10u4
Distribution: buster-security
Urgency: high
Maintainer: Gerrit Pape <pape@smarden.org>
Changed-By: Markus Koschany <apo@debian.org>
Checksums-Sha1:
 d082f5280e4ec8f68835ab217a50eca5514d1c84 3045 git_2.20.1-2+deb10u4.dsc
 4d13d6f363756758c89eb17430d5d1656455f0e5 648624 git_2.20.1-2+deb10u4.debian.tar.xz
 30ce8f5074a22ac600c4498c37a3c2887ac63ff2 8304 git_2.20.1-2+deb10u4_source.buildinfo
Checksums-Sha256:
 69ebfaebd3b3399b11aae11088889974a9f3df2fe59db7af9d7920347742717e 3045 git_2.20.1-2+deb10u4.dsc
 f090130a1fb44a4ac3164cd0d851f55f385768afbb55b4fb50df14ac68269e5e 648624 git_2.20.1-2+deb10u4.debian.tar.xz
 96927a08f2fe5b35e24f50eda5190fd6d1a8d99c47b31ccf7cf9882332136f18 8304 git_2.20.1-2+deb10u4_source.buildinfo
Changes:
 git (1:2.20.1-2+deb10u4) buster-security; urgency=high
 .
   * Non-maintainer upload by the LTS team.
   * Fix CVE-2021-40330:
     git_connect_git in connect.c allows a repository path to contain a newline
     character, which may result in unexpected cross-protocol requests, as
     demonstrated by the git://localhost:1234/%0d%0a%0d%0aGET%20/%20HTTP/1.1
     substring.
   * Fix CVE-2021-21300:
     In affected versions of Git a specially crafted repository that contains
     symbolic links as well as files using a clean/smudge filter such as Git
     LFS, may cause just-checked out script to be executed while cloning onto a
     case-insensitive file system such as NTFS, HFS+ or APFS (i.e. the default
     file systems on Windows and macOS).
Files:
 4bfd751298e908659efc57593f796d96 3045 vcs optional git_2.20.1-2+deb10u4.dsc
 37a3e61267692be2a605a12ffe6ce624 648624 vcs optional git_2.20.1-2+deb10u4.debian.tar.xz
 9b2385c3951c54be62636cbb8b0a53f4 8304 vcs optional git_2.20.1-2+deb10u4_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmNEkdJfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1HksM8P/R77QFQUAslpK28MIMhw86Nx8DlAgVlzvvh7
x35Yj2yqe1KVP+c+rvyPzWl4VF9OZrYOC0eMGXG3AI5zgF8MHMVxIjqcZMChgWab
3V2yYsUuIOdaH1+xvUdEvQiZNx/IzHU0tTkr2RkiBodqO+sWNZx62HJbuv6k2wjK
+WIWeYJpMVlhwrDahmCBJ7c6EnIy9d8FzU9M2Du22VALtd1noG0kRsM9M0eGLurJ
Gk4/BQxypjTtSEFveNb74PN+bz0vVDHTISDSBiIeXwZSHI3zUEObTykRbPyJkYAd
aHzDyn3pQ9U0G2qnYKnOhckgyeqxRvG1c6pmuvBPHuR3Wr96LUsm9I4yrQ530A+1
bVYwh7GckT4e9q3BLSlHBGR+g+x8UYcNIWMjB3u86pXr19FGvjBKFaD1E6GgeOt/
yZRc4gC1CV0X3j/g77FYzhbzuBUGOVYPWt5AOu3YgX28sy5cjCKqonMP43woqvzb
LZeeuc1ZYzs5MXIXkECvAB/sXZZQXVr6L3CSn66/aJm6JuP8knhfdJEv0/4eBEaz
L8/JbdEkZKhSgZ9f8hBmJecZiO1k5zLCNxNJNkEixFsB01WFIhi0qYzoKpmTjgab
ZHJwrBcMMzb0SB8ydHUmXFsmEqpAXwcVm2QyBAUPp7v531DBa/lhrOr+aLtOsEPe
m2MDNgx5
=19sW
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: Accepted strongswan 5.7.2-1+deb10u3 (source amd64 all) into oldstable
Next by Date: Accepted isc-dhcp 4.4.1-2+deb10u2 (source) into oldstable
Previous by thread: Accepted strongswan 5.7.2-1+deb10u3 (source amd64 all) into oldstable
Next by thread: Accepted isc-dhcp 4.4.1-2+deb10u2 (source) into oldstable
Index(es):
- Date
- Thread