git-core 1:1.5.6.5-2 for lenny

To: debian-release@lists.debian.org
Subject: git-core 1:1.5.6.5-2 for lenny
From: Gerrit Pape <pape@smarden.org>
Date: Wed, 24 Dec 2008 10:42:01 +0000
Message-id: <[🔎] 20081224104201.11764.qmail@4705df11587d4e.315fe32.mid.smarden.org>
Mail-followup-to: debian-release@lists.debian.org

Hi, please have git-core version 1:1.5.6.5-2 migrate to lenny, it
contains a security fix.

 git-core (1:1.5.6.5-2) unstable; urgency=high

   * debian/diff/0005-gitweb-do-not-run-git-diff-that-is-Porcelain.diff:
     new; fix possible gitweb vulnerability: calling "git diff": Jakub
     says that legacy-style URI to view two blob differences are never
     generated since 1.4.3.  This codepath runs "git diff" Porcelain from
     the gitweb, which is a no-no.  It can trigger diff.external command
     that is specified in the configuration file of the repository being
     viewed.

Regards, Gerrit.

Reply to:

Follow-Ups:
- Re: git-core 1:1.5.6.5-2 for lenny
  - From: Marc 'HE' Brockschmidt <he@ftwca.de>

Prev by Date: Recent avfs upload
Next by Date: Unblock request for qemu/0.9.1-9
Previous by thread: Re: Recent avfs upload
Next by thread: Re: git-core 1:1.5.6.5-2 for lenny
Index(es):
- Date
- Thread