
Accepted python-git 3.1.14-1+deb11u1 (source) into oldstable-security



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 29 Oct 2024 13:45:33 +0100
Source: python-git
Architecture: source
Version: 3.1.14-1+deb11u1
Distribution: bullseye-security
Urgency: medium
Maintainer: Debian Python Team <team+python@tracker.debian.org>
Changed-By: Daniel Leidert <dleidert@debian.org>
Closes: 1027163 1043503
Changes:
 python-git (3.1.14-1+deb11u1) bullseye-security; urgency=medium
 .
   * Non-maintainer upload by the Debian LTS Team.
 .
   [ Sylvain Beucler ]
   * CVE-2022-24439: Remote Code Execution (RCE) due to improper user input
     validation, which makes it possible to inject a maliciously crafted
     remote URL into the clone command. Exploiting this vulnerability is
     possible because the library makes external calls to git without
     sufficient sanitization of input arguments. (Closes: #1027163)
   * CVE-2023-40267: Follow-up fix for CVE-2022-24439. (Closes: 1043503)
 .
   [ Daniel Leidert ]
   * CVE-2023-41040: Blind local file inclusion.
   * Adjust patches for CVE-2022-24439 and CVE-2023-40267.
Checksums-Sha1:
 14a13129df454776e73185522159e74ca2821453 2457 python-git_3.1.14-1+deb11u1.dsc
 c1ada3a86243ad5f2871394a0d6d54a7f8f069bc 171534 python-git_3.1.14.orig.tar.gz
 977d2fd2f55e2a04ce431da8606e7b4da3ce69a9 13672 python-git_3.1.14-1+deb11u1.debian.tar.xz
 6e40bf8e1aeff10f155fcdc8ee8a875bea83900c 9022 python-git_3.1.14-1+deb11u1_amd64.buildinfo
Checksums-Sha256:
 65f8f5e966b258fdcdd570e21be3c6ada3aed0de48353ff7adb4ba3feec738a3 2457 python-git_3.1.14-1+deb11u1.dsc
 be27633e7509e58391f10207cd32b2a6cf5b908f92d9cd30da2e514e1137af61 171534 python-git_3.1.14.orig.tar.gz
 99fb0a79993f2d2eebd7aa63f0dd09b37c483e52ca82a6c7518ddaa8427ee54d 13672 python-git_3.1.14-1+deb11u1.debian.tar.xz
 fdf5456c8601c6635872e6d590e92abc094932fea9ab245f47dc22ed7314a860 9022 python-git_3.1.14-1+deb11u1_amd64.buildinfo
Files:
 e2436dc8d5d57e8d529e4c482e2503de 2457 python optional python-git_3.1.14-1+deb11u1.dsc
 8d4a922cb32ce13b5c91fee1e4ecd84c 171534 python optional python-git_3.1.14.orig.tar.gz
 36b83ad09cb6f4871e5d9b244f160bda 13672 python optional python-git_3.1.14-1+deb11u1.debian.tar.xz
 5eaa4b9de5ab1774902e684643cf4283 9022 python optional python-git_3.1.14-1+deb11u1_amd64.buildinfo
