Change log for git package in Ubuntu
1 → 75 of 216 results | First • Previous • Next • Last |
git (1:2.43.0-1ubuntu7) noble; urgency=high * No change rebuild against libcurl3t64-gnutls. -- Julian Andres Klode <email address hidden> Mon, 08 Apr 2024 16:39:51 +0200
Available diffs
- diff from 1:2.43.0-1ubuntu6 to 1:2.43.0-1ubuntu7 (326 bytes)
git (1:2.43.0-1ubuntu6) noble; urgency=medium * No-change rebuild for CVE-2024-3094 -- Steve Langasek <email address hidden> Sun, 31 Mar 2024 00:07:01 +0000
Available diffs
- diff from 1:2.43.0-1ubuntu5 to 1:2.43.0-1ubuntu6 (305 bytes)
git (1:2.43.0-1ubuntu5) noble; urgency=medium * Run tests again. -- Matthias Klose <email address hidden> Sat, 16 Mar 2024 13:18:21 +0100
Available diffs
- diff from 1:2.43.0-1ubuntu1 to 1:2.43.0-1ubuntu5 (404 bytes)
- diff from 1:2.43.0-1ubuntu4 to 1:2.43.0-1ubuntu5 (437 bytes)
Superseded in noble-proposed |
git (1:2.43.0-1ubuntu4) noble; urgency=medium * Run tests again. -- Matthias Klose <email address hidden> Sat, 16 Mar 2024 13:18:21 +0100
Available diffs
- diff from 1:2.43.0-1ubuntu3 to 1:2.43.0-1ubuntu4 (314 bytes)
Superseded in noble-proposed |
git (1:2.43.0-1ubuntu3) noble; urgency=medium * Don't run tests for a first build against libcurl3t64-gnutls. -- Matthias Klose <email address hidden> Sat, 16 Mar 2024 13:17:23 +0100
Available diffs
- diff from 1:2.43.0-1ubuntu2 to 1:2.43.0-1ubuntu3 (548 bytes)
Superseded in noble-proposed |
git (1:2.43.0-1ubuntu2) noble; urgency=medium * No-change rebuild against libcurl3t64-gnutls -- Steve Langasek <email address hidden> Sat, 16 Mar 2024 06:55:53 +0000
Available diffs
- diff from 1:2.43.0-1ubuntu1 to 1:2.43.0-1ubuntu2 (330 bytes)
Deleted in noble-updates (Reason: superseded by release) |
Superseded in noble-release |
Deleted in noble-proposed (Reason: Moved to noble) |
git (1:2.43.0-1ubuntu1) noble; urgency=medium * Merge from Debian Unstable. Remaining changes: - Build diff-highlight in the contrib dir - Don't build-depend on subversion on i386, it is not reasonable to support on the partial arch.
Available diffs
Superseded in noble-proposed |
git (1:2.42.0-1ubuntu1) noble; urgency=medium * Merge from Debian unstable. Remaining changes: - Build diff-highlight in the contrib dir - Don't build-depend on subversion on i386, it is not reasonable to support on the partial arch.
Available diffs
- diff from 1:2.40.1-1ubuntu1 to 1:2.42.0-1ubuntu1 (994.8 KiB)
git (1:2.34.1-1ubuntu1.10) jammy; urgency=medium * Fix issue where untracked files are not recovered during a stash pop/apply operation when a merge conflict is present. Untracked files are now correctly restored regardless if a conflict is present or not. (LP: #2026319) - d/p/lp-2026319-stash-do-not-return-before-restoring-untracked-files.patch -- Matthew Ruffell <email address hidden> Fri, 07 Jul 2023 14:31:14 +1200
Superseded in noble-release |
Published in mantic-release |
Deleted in mantic-proposed (Reason: Moved to mantic) |
git (1:2.40.1-1ubuntu1) mantic; urgency=low * Merge from Debian unstable. Remaining changes: - Build diff-highlight in the contrib dir - Don't build-depend on subversion on i386, it is not reasonable to support on the partial arch. * Dropped changes, included upstream: - debian/patches/CVE-2023_25652_25815_29007/0022-*.patch: apply --reject overwriting existing .rej symlink if it exists in apply.c, t/t4115-apply-symlink.sh. - debian/patches/CVE-2023_25652_25815_29007/0024-*patch: avoid using gettext if the locale dir is not present in gettext.c. - debian/patches/CVE-2023_25652_25815_29007/0025-*.patch: avoid fixed-sized buffer when renaming/deleting a section in config.c, t/t1300-config.sh. - debian/patches/CVE-2023_25652_25815_29007/0026-*.patch: avoid integer truncation in copy_or_rename_section_in_file() in config.c. - debian/patches/CVE-2023_25652_25815_29007/0027-*.patch: disallow overly-long lines in copy_or_rename_section_in_file in config.c.
Available diffs
git (1:2.17.1-1ubuntu0.18) bionic-security; urgency=medium * SECURITY UPDATE: Overwriting path - debian/patches/CVE-2023_25652_25815_29007/0022-*.patch: apply --reject overwriting existing .rej symlink if it exists in apply.c, t/t4115-apply-symlink.sh. - CVE-2023-25652 * SECURITY UPDATE: Malicious placement of crafted messages - debian/patches/CVE-2023_25652_25815_29007/0024-*patch: avoid using gettext if the locale dir is not present in gettext.c. - CVE-2023-25815 * SECURITY UPDATE: Arbitrary configuration injection - debian/patches/CVE-2023_25652_25815_29007/0025-*.patch: avoid fixed-sized buffer when renaming/deleting a section in config.c. - debian/patches/CVE-2023_25652_25815_29007/0026-*.patch: avoid integer truncation in copy_or_rename_section_in_file() in config.c. - debian/patches/CVE-2023_25652_25815_29007/0027-*.patch: disallow overly-long lines in copy_or_rename_section_in_file in config.c. - CVE-2023-29007 -- Leonidas Da Silva Barbosa <email address hidden> Wed, 26 Apr 2023 11:14:45 -0300
Available diffs
git (1:2.25.1-1ubuntu3.11) focal-security; urgency=medium * SECURITY UPDATE: Overwriting path - debian/patches/CVE-2023_25652_25815_29007/0022-*.patch: apply --reject overwriting existing .rej symlink if it exists in apply.c, t/t4115-apply-symlink.sh. - CVE-2023-25652 * SECURITY UPDATE: Malicious placement of crafted messages - debian/patches/CVE-2023_25652_25815_29007/0024-*patch: avoid using gettext if the locale dir is not present in gettext.c. - CVE-2023-25815 * SECURITY UPDATE: Arbitrary configuration injection - debian/patches/CVE-2023_25652_25815_29007/0025-*.patch: avoid fixed-sized buffer when renaming/deleting a section in config.c, t/t1300-config.sh. - debian/patches/CVE-2023_25652_25815_29007/0026-*.patch: avoid integer truncation in copy_or_rename_section_in_file() in config.c. - debian/patches/CVE-2023_25652_25815_29007/0027-*.patch: disallow overly-long lines in copy_or_rename_section_in_file in config.c. - CVE-2023-29007 -- Leonidas Da Silva Barbosa <email address hidden> Wed, 26 Apr 2023 09:52:23 -0300
Available diffs
Superseded in mantic-release |
Deleted in mantic-proposed (Reason: Moved to mantic) |
Published in lunar-updates |
Published in lunar-security |
git (1:2.39.2-1ubuntu1.1) lunar-security; urgency=medium * SECURITY UPDATE: Overwriting path - debian/patches/CVE-2023_25652_25815_29007/0022-*.patch: apply --reject overwriting existing .rej symlink if it exists in apply.c, t/t4115-apply-symlink.sh. - CVE-2023-25652 * SECURITY UPDATE: Malicious placement of crafted messages - debian/patches/CVE-2023_25652_25815_29007/0024-*patch: avoid using gettext if the locale dir is not present in gettext.c. - CVE-2023-25815 * SECURITY UPDATE: Arbitrary configuration injection - debian/patches/CVE-2023_25652_25815_29007/0025-*.patch: avoid fixed-sized buffer when renaming/deleting a section in config.c, t/t1300-config.sh. - debian/patches/CVE-2023_25652_25815_29007/0026-*.patch: avoid integer truncation in copy_or_rename_section_in_file() in config.c. - debian/patches/CVE-2023_25652_25815_29007/0027-*.patch: disallow overly-long lines in copy_or_rename_section_in_file in config.c. - CVE-2023-29007 -- Leonidas Da Silva Barbosa <email address hidden> Mon, 24 Apr 2023 13:01:23 -0300
Available diffs
git (1:2.34.1-1ubuntu1.9) jammy-security; urgency=medium * SECURITY UPDATE: Overwriting path - debian/patches/CVE-2023_25652_25815_29007/0022-*.patch: apply --reject overwriting existing .rej symlink if it exists in apply.c, t/t4115-apply-symlink.sh. - CVE-2023-25652 * SECURITY UPDATE: Malicious placement of crafted messages - debian/patches/CVE-2023_25652_25815_29007/0024-*patch: avoid using gettext if the locale dir is not present in gettext.c. - CVE-2023-25815 * SECURITY UPDATE: Arbitrary configuration injection - debian/patches/CVE-2023_25652_25815_29007/0025-*.patch: avoid fixed-sized buffer when renaming/deleting a section in config.c, t/t1300-config.sh. - debian/patches/CVE-2023_25652_25815_29007/0026-*.patch: avoid integer truncation in copy_or_rename_section_in_file() in config.c. - debian/patches/CVE-2023_25652_25815_29007/0027-*.patch: disallow overly-long lines in copy_or_rename_section_in_file in config.c. - CVE-2023-29007 -- Leonidas Da Silva Barbosa <email address hidden> Wed, 26 Apr 2023 06:43:33 -0300
Available diffs
git (1:2.37.2-1ubuntu1.5) kinetic-security; urgency=medium * SECURITY UPDATE: Overwriting path - debian/patches/CVE-2023-25652_25815_29007/0022-*.patch: apply --reject overwriting existing .rej symlink if it exists in apply.c, t/t4115-apply-symlink.sh. - CVE-2023-25652 * SECURITY UPDATE: Malicious placement of crafted messages - debian/patches/CVE-2023-25652_25815_29007/0024-*patch: avoid using gettext if the locale dir is not present in gettext.c. - CVE-2023-25815 * SECURITY UPDATE: Arbitrary configuration injection - debian/patches/CVE-2023-25652_25815_29007/0025-*.patch: avoid fixed-sized buffer when renaming/deleting a section in config.c, t/t1300-config.sh. - debian/patches/CVE-2023-25652_25815_29007/0026-*.patch: avoid integer truncation in copy_or_rename_section_in_file() in config.c. - debian/patches/CVE-2023-25652_25815_29007/0027-*.patch: disallow overly-long lines in copy_or_rename_section_in_file in config.c. - CVE-2023-29007 -- Leonidas Da Silva Barbosa <email address hidden> Mon, 24 Apr 2023 14:29:14 -0300
Available diffs
git (1:2.17.1-1ubuntu0.17) bionic-security; urgency=medium * SECURITY REGRESSION: Adding missing parts of CVE-2023-22490 local repository clone when .git/objects is a symlink - debian/patches/CVE_2023_22490_and_23946/0001-dir-iterator-refactor*.patch - debian/patches/CVE_2023_22490_and_23946/0005-dir-iterator-add-flags*.patch (LP: #2008277). -- Leonidas Da Silva Barbosa <email address hidden> Mon, 27 Feb 2023 11:27:06 -0300
Available diffs
Superseded in mantic-release |
Published in lunar-release |
Deleted in lunar-proposed (Reason: Moved to lunar) |
git (1:2.39.2-1ubuntu1) lunar; urgency=medium * Merge from Debian Unstable. Remaining changes: - Build diff-highlight in the contrib dir - Don't build-depend on subversion on i386, it is not reasonable to support on the partial arch.
Available diffs
Superseded in lunar-proposed |
git (1:2.39.1-0.1ubuntu1) lunar; urgency=medium * Merge from Debian Unstable. Remaining changes: - Build diff-highlight in the contrib dir - Don't build-depend on subversion on i386, it is not reasonable to support on the partial arch.
Available diffs
git (1:2.34.1-1ubuntu1.8) jammy-security; urgency=medium * SECURITY UPDATE: Overwritten path and using local clone optimization even when using a non-local transport - debian/patches/CVE_2023-22490_and_23946/0002-*.patch: adjust a mismatch data type in attr.c. - debian/patches/CVE_2023-22490_and_23946/0003-*.patch: demonstrate clone_local() with ambiguous transport in t/t5619-clone-local-ambiguous-transport.sh. - debian/patches/CVE_2023-22490_and_23946/0004-*.patch: delay picking a transport until after get_repo_path() in builtin/clone.c. - debian/patches/CVE_2023-22490_and_23946/0005-*.patch: prevent top-level symlinks without FOLLOW_SYMLINKS in dir-iterator, dir-iterator.h, t/t0066-dir-iterator.sh, t/t5604-clone-reference.sh. - debian/patches/CVE_2023-22490_and_23946/0006-*.patch: fix writing behind newly created symbolic links in apply.c, t/t4115-apply-symlink.sh. - CVE-2023-22490 - CVE-2023-23946 -- Leonidas Da Silva Barbosa <email address hidden> Wed, 08 Feb 2023 10:57:45 -0300
Available diffs
git (1:2.37.2-1ubuntu1.4) kinetic-security; urgency=medium * SECURITY UPDATE: Overwritten path and using local clone optimization even when using a non-local transport - debian/patches/CVE_2023-22490_and_23946/0002-*.patch: adjust a mismatch data type in attr.c. - debian/patches/CVE_2023-22490_and_23946/0003-*.patch: demonstrate clone_local() with ambiguous transport in t/t5619-clone-local-ambiguous-transport.sh. - debian/patches/CVE_2023-22490_and_23946/0004-*.patch: delay picking a transport until after get_repo_path() in builtin/clone.c. - debian/patches/CVE_2023-22490_and_23946/0005-*.patch: prevent top-level symlinks without FOLLOW_SYMLINKS in dir-iterator, dir-iterator.h, t/t0066-dir-iterator.sh, t/t5604-clone-reference.sh. - debian/patches/CVE_2023-22490_and_23946/0006-*.patch: fix writing behind newly created symbolic links in apply.c, t/t4115-apply-symlink.sh. - CVE-2023-22490 - CVE-2023-23946 -- Leonidas Da Silva Barbosa <email address hidden> Wed, 08 Feb 2023 09:17:55 -0300
Available diffs
git (1:2.17.1-1ubuntu0.16) bionic-security; urgency=medium * SECURITY UPDATE: Overwritten path and using local clone optimization even when using a non-local transport - debian/patches/CVE_2023-22490_and_23946/0002-*.patch: adjust a mismatch data type in attr.c. - debian/patches/CVE_2023-22490_and_23946/0003-*.patch: demonstrate clone_local() with ambiguous transport in t/t5619-clone-local-ambiguous-transport.sh. - debian/patches/CVE_2023-22490_and_23946/0004-*.patch: delay picking a transport until after get_repo_path() in builtin/clone.c. - debian/patches/CVE_2023-22490_and_23946/0006-*.patch: fix writing behind newly created symbolic links in apply.c, t/t4115-apply-symlink.sh. - CVE-2023-22490 - CVE-2023-23946 -- Leonidas Da Silva Barbosa <email address hidden> Wed, 08 Feb 2023 12:09:34 -0300
git (1:2.25.1-1ubuntu3.10) focal-security; urgency=medium * SECURITY UPDATE: Overwritten path and using local clone optimization even when using a non-local transport - debian/patches/CVE_2023-22490_and_23946/0002-*.patch: adjust a mismatch data type in attr.c. - debian/patches/CVE_2023-22490_and_23946/0003-*.patch: demonstrate clone_local() with ambiguous transport in t/t5619-clone-local-ambiguous-transport.sh. - debian/patches/CVE_2023-22490_and_23946/0004-*.patch: delay picking a transport until after get_repo_path() in builtin/clone.c. - debian/patches/CVE_2023-22490_and_23946/0005-*.patch: prevent top-level symlinks without FOLLOW_SYMLINKS in dir-iterator, dir-iterator.h, t/t0066-dir-iterator.sh, t/t5604-clone-reference.sh. - debian/patches/CVE_2023-22490_and_23946/0006-*.patch: fix writing behind newly created symbolic links in apply.c, t/t4115-apply-symlink.sh. - CVE-2023-22490 - CVE-2023-23946 -- Leonidas Da Silva Barbosa <email address hidden> Wed, 08 Feb 2023 11:21:13 -0300
Available diffs
git (1:2.17.1-1ubuntu0.15) bionic-security; urgency=medium * SECURITY REGRESSION: Previous update was incomplete what could causes regressions - debian/patches/CVE_2022_23521_and_41903/0012-*.patch: update patch with missed parts (LP: #2003246). -- Leonidas Da Silva Barbosa <email address hidden> Thu, 19 Jan 2023 08:37:09 -0300
Available diffs
git (1:2.25.1-1ubuntu3.8) focal-security; urgency=medium * SECURITY REGRESSION: Previous update was incomplete what could causes regressions - debian/patches/CVE_2022_23521_and_41903/0012-*.patch: update patch with missed parts (LP: #2003246). -- Leonidas Da Silva Barbosa <email address hidden> Thu, 19 Jan 2023 08:22:47 -0300
Available diffs
git (1:2.37.2-1ubuntu1.2) kinetic-security; urgency=medium * SECURITY UPDATE: Integer overflow - debian/patches/CVE_2022_23521_and_41903/00*.patch: attr.c, attr.h, pretty.c, column.c, utf8.c, utf8.h, t/t4205-log-pretty-formats.sh, t/test-lib.sh, git-compat-util.h, t/t0003-attributes.sh. - CVE-2022-23521 - CVE-2022-41903 -- Leonidas Da Silva Barbosa <email address hidden> Wed, 11 Jan 2023 14:29:53 -0300
Available diffs
git (1:2.34.1-1ubuntu1.6) jammy-security; urgency=medium * SECURITY UPDATE: Integer overflow - debian/patches/CVE_2022_23521_and_41903/00*.patch: attr.c, attr.h, pretty.c, column.c, utf8.c, utf8.h, t/t4205-log-pretty-formats.sh, t/test-lib.sh, git-compat-util.h, t/t0003-attributes.sh. - CVE-2022-23521 - CVE-2022-41903 -- Leonidas Da Silva Barbosa <email address hidden> Wed, 11 Jan 2023 15:12:27 -0300
Available diffs
git (1:2.25.1-1ubuntu3.7) focal-security; urgency=medium * SECURITY UPDATE: Integer overflow - debian/patches/CVE_2022_23521_and_41903/00*.patch: attr.c, attr.h, pretty.c, column.c, utf8.c, utf8.h, t/t4205-log-pretty-formats.sh, t/test-lib.sh, git-compat-util.h, t/t0003-attributes.sh. - CVE-2022-23521 - CVE-2022-41903 -- Leonidas Da Silva Barbosa <email address hidden> Thu, 12 Jan 2023 09:56:29 -0300
Available diffs
git (1:2.17.1-1ubuntu0.14) bionic-security; urgency=medium * SECURITY UPDATE: Integer overflow - debian/patches/CVE_2022_23521_and_41903/00*.patch: attr.c, attr.h, pretty.c, column.c, utf8.c, utf8.h, t/t4205-log-pretty-formats.sh, t/test-lib.sh, git-compat-util.h, t/t0003-attributes.sh. - CVE-2022-23521 - CVE-2022-41903 -- Leonidas Da Silva Barbosa <email address hidden> Thu, 12 Jan 2023 11:48:11 -0300
Available diffs
git (1:2.38.1-1ubuntu2) lunar; urgency=medium * d/p/fix-cpuinfo-regexp.patch: fix cpuinfo regexp to accomodate the way s390x shows it (LP: #1997475) -- Andreas Hasenack <email address hidden> Tue, 22 Nov 2022 14:25:40 -0300
Available diffs
git (1:2.37.2-1ubuntu1.1) kinetic-security; urgency=medium * SECURITY UPDATE: Unexpected behavior - debian/patches/CVE-2022-39253-*.patch: disallow --local clones with symlinks and additionally changed the protocol.file.allow to be user by default in builtin/clone.c, transport.c, and modified tests in t/t5604-clone-reference.sh, lib-submodule-update.sh, t/t1091-sparse-checkout-builtin.sh, t/t1500-rev-parse.sh, t/t2400-worktree-add.sh, t/t2403-worktree-move.sh, t/t2405-worktree-submodule.sh, t/t3200-branch.sh, t/t3420-rebase-autostash.sh, t/t3426-rebase-submodule.sh, t/t3512-cherry-pick-submodule.sh, t/t3600-rm.sh, t/t3906-stash-submodule.sh, t/t4059-diff-submodule-not-initialized.sh, t/t4060-diff-submodule-option-diff-format.sh, t/t4067-diff-partial-clone.sh, t/t4208-log-magic-pathspec.sh, t/t5510-fetch.sh, t/t5526-fetch-submodules.sh, t/t5545-push-options.sh, t/t5572-pull-submodule.sh, t/t5601-clone.sh, t/t5614-clone-submodules-shallow.sh, t/t5616-partial-clone.sh, t/t5617-clone-submodules-remote.sh, t/t6008-rev-list-submodule.sh, t/t6134-pathspec-in-submodule.sh, t/t7001-mv.sh, t/t7064-wtstatus-pv2.sh, t/t7300-clean.sh, t/t7400-submodule-basic.sh, t/t7403-submodule-sync.sh, t/t7406-submodule-update.sh, t/t7407-submodule-foreach.sh, t/t7408-submodule-reference.sh, t/t7409-submodule-detached-work-tree.sh, t/t7411-submodule-config.sh, t/t7413-submodule-is-active.sh, t/t7414-submodule-mistakes.sh, t/t7415-submodule-names.sh, t/t7416-submodule-dash-url.sh, t/t7417-submodule-path-url.sh, t/t7418-submodule-sparse-gitmodules.sh, t/t7419-submodule-set-branch.sh, t/t7420-submodule-set-url.sh, t/t7421-submodule-summary-add.sh, t/t7506-status-submodule.sh, t/t7507-commit-verbose.sh, t/t7800-difftool.sh, t/t7814-grep-recurse-submodules.sh, t/t9304-fast-import-marks.sh, t/t9350-fast-export.sh, t/t1092-sparse-checkout-compatibility.sh, t/t2080-parallel-checkout-basics.sh, t/t7450-bad-git-dotfiles.sh. - CVE-2022-39253 * SECURITY UPDATE: Arbitrary heap writes - debian/patches/CVE-2022-39260-*.patch: limit size of interactive commands and reject too-long cmdline strings in split cmdline() in shell.c, t/t9850-shell.sh, alias.c. - CVE-2022-39260 -- Leonidas Da Silva Barbosa <email address hidden> Mon, 14 Nov 2022 16:44:48 -0300
Available diffs
Superseded in lunar-proposed |
git (1:2.38.1-1ubuntu1) lunar; urgency=low * Merge from Debian unstable. Remaining changes: - Build diff-highlight in the contrib dir - Don't build-depend on subversion on i386, it is not reasonable to support on the partial arch.
Available diffs
- diff from 1:2.37.2-1ubuntu1 to 1:2.38.1-1ubuntu1 (731.0 KiB)
git (1:2.17.1-1ubuntu0.13) bionic-security; urgency=medium * SECURITY UPDATE: Unexpected behavior - debian/patches/CVE-2022-39253-*.patch: disallow --local clones with symlinks and additionally changed the protocol.file.allow to be user by default in builtin/clone.c, transport.c, and modified tests in t/t5604-clone-reference.sh, lib-submodule-update.sh, t/t1091-sparse-checkout-builtin.sh, t/t1500-rev-parse.sh, t/t2400-worktree-add.sh, t/t2403-worktree-move.sh, t/t2405-worktree-submodule.sh, t/t3200-branch.sh, t/t3420-rebase-autostash.sh, t/t3426-rebase-submodule.sh, t/t3512-cherry-pick-submodule.sh, t/t3600-rm.sh, t/t3906-stash-submodule.sh, t/t4059-diff-submodule-not-initialized.sh, t/t4060-diff-submodule-option-diff-format.sh, t/t4067-diff-partial-clone.sh, t/t4208-log-magic-pathspec.sh, t/t5510-fetch.sh, t/t5526-fetch-submodules.sh, t/t5545-push-options.sh, t/t5572-pull-submodule.sh, t/t5601-clone.sh, t/t5614-clone-submodules-shallow.sh, t/t5616-partial-clone.sh, t/t5617-clone-submodules-remote.sh, t/t6008-rev-list-submodule.sh, t/t6134-pathspec-in-submodule.sh, t/t7001-mv.sh, t/t7064-wtstatus-pv2.sh, t/t7300-clean.sh, t/t7400-submodule-basic.sh, t/t7403-submodule-sync.sh, t/t7406-submodule-update.sh, t/t7407-submodule-foreach.sh, t/t7408-submodule-reference.sh, t/t7409-submodule-detached-work-tree.sh, t/t7411-submodule-config.sh, t/t7413-submodule-is-active.sh, t/t7414-submodule-mistakes.sh, t/t7415-submodule-names.sh, t/t7416-submodule-dash-url.sh, t/t7417-submodule-path-url.sh, t/t7418-submodule-sparse-gitmodules.sh, t/t7419-submodule-set-branch.sh, t/t7420-submodule-set-url.sh, t/t7421-submodule-summary-add.sh, t/t7506-status-submodule.sh, t/t7507-commit-verbose.sh, t/t7800-difftool.sh, t/t7814-grep-recurse-submodules.sh, t/t9304-fast-import-marks.sh, t/t9350-fast-export.sh, t/t1092-sparse-checkout-compatibility.sh, t/t2080-parallel-checkout-basics.sh, t/t7450-bad-git-dotfiles.sh. - CVE-2022-39253 * SECURITY UPDATE: Arbitrary heap writes - debian/patches/CVE-2022-39260-*.patch: limit size of interactive commands and reject too-long cmdline strings in split cmdline() in shell.c, t/t9850-shell.sh, alias.c. - CVE-2022-39260 -- Leonidas Da Silva Barbosa <email address hidden> Fri, 14 Oct 2022 11:15:33 -0300
Available diffs
git (1:2.25.1-1ubuntu3.6) focal-security; urgency=medium * SECURITY UPDATE: Unexpected behavior - debian/patches/CVE-2022-39253-*.patch: disallow --local clones with symlinks and additionally changed the protocol.file.allow to be user by default in builtin/clone.c, transport.c, and modified tests in t/t5604-clone-reference.sh, lib-submodule-update.sh, t/t1091-sparse-checkout-builtin.sh, t/t1500-rev-parse.sh, t/t2400-worktree-add.sh, t/t2403-worktree-move.sh, t/t2405-worktree-submodule.sh, t/t3200-branch.sh, t/t3420-rebase-autostash.sh, t/t3426-rebase-submodule.sh, t/t3512-cherry-pick-submodule.sh, t/t3600-rm.sh, t/t3906-stash-submodule.sh, t/t4059-diff-submodule-not-initialized.sh, t/t4060-diff-submodule-option-diff-format.sh, t/t4067-diff-partial-clone.sh, t/t4208-log-magic-pathspec.sh, t/t5510-fetch.sh, t/t5526-fetch-submodules.sh, t/t5545-push-options.sh, t/t5572-pull-submodule.sh, t/t5601-clone.sh, t/t5614-clone-submodules-shallow.sh, t/t5616-partial-clone.sh, t/t5617-clone-submodules-remote.sh, t/t6008-rev-list-submodule.sh, t/t6134-pathspec-in-submodule.sh, t/t7001-mv.sh, t/t7064-wtstatus-pv2.sh, t/t7300-clean.sh, t/t7400-submodule-basic.sh, t/t7403-submodule-sync.sh, t/t7406-submodule-update.sh, t/t7407-submodule-foreach.sh, t/t7408-submodule-reference.sh, t/t7409-submodule-detached-work-tree.sh, t/t7411-submodule-config.sh, t/t7413-submodule-is-active.sh, t/t7414-submodule-mistakes.sh, t/t7415-submodule-names.sh, t/t7416-submodule-dash-url.sh, t/t7417-submodule-path-url.sh, t/t7418-submodule-sparse-gitmodules.sh, t/t7419-submodule-set-branch.sh, t/t7420-submodule-set-url.sh, t/t7421-submodule-summary-add.sh, t/t7506-status-submodule.sh, t/t7507-commit-verbose.sh, t/t7800-difftool.sh, t/t7814-grep-recurse-submodules.sh, t/t9304-fast-import-marks.sh, t/t9350-fast-export.sh, t/t1092-sparse-checkout-compatibility.sh, t/t2080-parallel-checkout-basics.sh, t/t7450-bad-git-dotfiles.sh. - CVE-2022-39253 * SECURITY UPDATE: Arbitrary heap writes - debian/patches/CVE-2022-39260-*.patch: limit size of interactive commands and reject too-long cmdline strings in split cmdline() in shell.c, t/t9850-shell.sh, alias.c. - CVE-2022-39260 -- Leonidas Da Silva Barbosa <email address hidden> Thu, 13 Oct 2022 13:36:40 -0300
Available diffs
git (1:2.34.1-1ubuntu1.5) jammy-security; urgency=medium * SECURITY UPDATE: Unexpected behavior - debian/patches/CVE-2022-39253-*.patch: disallow --local clones with symlinks and additionally changed the protocol.file.allow to be user by default in builtin/clone.c, transport.c, and modified tests in t/t5604-clone-reference.sh, lib-submodule-update.sh, t/t1091-sparse-checkout-builtin.sh, t/t1500-rev-parse.sh, t/t2400-worktree-add.sh, t/t2403-worktree-move.sh, t/t2405-worktree-submodule.sh, t/t3200-branch.sh, t/t3420-rebase-autostash.sh, t/t3426-rebase-submodule.sh, t/t3512-cherry-pick-submodule.sh, t/t3600-rm.sh, t/t3906-stash-submodule.sh, t/t4059-diff-submodule-not-initialized.sh, t/t4060-diff-submodule-option-diff-format.sh, t/t4067-diff-partial-clone.sh, t/t4208-log-magic-pathspec.sh, t/t5510-fetch.sh, t/t5526-fetch-submodules.sh, t/t5545-push-options.sh, t/t5572-pull-submodule.sh, t/t5601-clone.sh, t/t5614-clone-submodules-shallow.sh, t/t5616-partial-clone.sh, t/t5617-clone-submodules-remote.sh, t/t6008-rev-list-submodule.sh, t/t6134-pathspec-in-submodule.sh, t/t7001-mv.sh, t/t7064-wtstatus-pv2.sh, t/t7300-clean.sh, t/t7400-submodule-basic.sh, t/t7403-submodule-sync.sh, t/t7406-submodule-update.sh, t/t7407-submodule-foreach.sh, t/t7408-submodule-reference.sh, t/t7409-submodule-detached-work-tree.sh, t/t7411-submodule-config.sh, t/t7413-submodule-is-active.sh, t/t7414-submodule-mistakes.sh, t/t7415-submodule-names.sh, t/t7416-submodule-dash-url.sh, t/t7417-submodule-path-url.sh, t/t7418-submodule-sparse-gitmodules.sh, t/t7419-submodule-set-branch.sh, t/t7420-submodule-set-url.sh, t/t7421-submodule-summary-add.sh, t/t7506-status-submodule.sh, t/t7507-commit-verbose.sh, t/t7800-difftool.sh, t/t7814-grep-recurse-submodules.sh, t/t9304-fast-import-marks.sh, t/t9350-fast-export.sh, t/t1092-sparse-checkout-compatibility.sh, t/t2080-parallel-checkout-basics.sh, t/t7450-bad-git-dotfiles.sh. - CVE-2022-39253 * SECURITY UPDATE: Arbitrary heap writes - debian/patches/CVE-2022-39260-*.patch: limit size of interactive commands and reject too-long cmdline strings in split cmdline() in shell.c, t/t9850-shell.sh, alias.c. - CVE-2022-39260 -- Leonidas Da Silva Barbosa <email address hidden> Thu, 13 Oct 2022 09:33:36 -0300
Available diffs
Superseded in lunar-release |
Obsolete in kinetic-release |
Deleted in kinetic-proposed (Reason: Moved to kinetic) |
git (1:2.37.2-1ubuntu1) kinetic; urgency=low * Merge from Debian unstable. Remaining changes: - Build diff-highlight in the contrib dir - Don't build-depend on subversion on i386, it is not reasonable to support on the partial arch. * Dropped changes, included upstream: - debian/patches/CVE-2022-29187-1.patch: adds test to regression git needs safe.directory when using sudo in t/t0034-root-safe-directory.sh. - debian/patches/CVE-2022-29187-2.patch: avoid failing dir ownership checks if running privileged in git-compat-util.h, t/t0034-root-safe-directory.sh. - debian/patches/CVE-2022-29187-3.patch: add negative tests and allow git init to mostly work under sudo in t/lib-sudo.sh b/t/lib-sudo.sh. - debian/patches/CVE-2022-29187-4.patch: allow root to access both SUDO_UID and root owned in git-compat-util.h, t/t0034-root-safe-directory.sh. - debian/patches/CVE-2022-29187-6.patch: tighten ownership checks post CVE-2022-24765 in setup.c.
Available diffs
git (1:2.36.1-1ubuntu2) kinetic; urgency=medium * SECURITY UPDATE: Potential arbitrary code execution - debian/patches/CVE-2022-29187-1.patch: adds test to regression git needs safe.directory when using sudo in t/t0034-root-safe-directory.sh. - debian/patches/CVE-2022-29187-2.patch: avoid failing dir ownership checks if running privileged in git-compat-util.h, t/t0034-root-safe-directory.sh. - debian/patches/CVE-2022-29187-3.patch: add negative tests and allow git init to mostly work under sudo in t/lib-sudo.sh b/t/lib-sudo.sh. - debian/patches/CVE-2022-29187-4.patch: allow root to access both SUDO_UID and root owned in git-compat-util.h, t/t0034-root-safe-directory.sh. - debian/patches/CVE-2022-29187-6.patch: tighten ownership checks post CVE-2022-24765 in setup.c. - CVE-2022-29187 -- Leonidas Da Silva Barbosa <email address hidden> Thu, 14 Jul 2022 15:05:33 -0300
Available diffs
git (1:2.34.1-1ubuntu1.4) jammy-security; urgency=medium * SECURITY UPDATE: Potential arbitrary code execution - debian/patches/CVE-2022-29187-1.patch: adds test to regression git needs safe.directory when using sudo in t/t0034-root-safe-directory.sh. - debian/patches/CVE-2022-29187-2.patch: avoid failing dir ownership checks if running privileged in git-compat-util.h, t/t0034-root-safe-directory.sh. - debian/patches/CVE-2022-29187-3.patch: add negative tests and allow git init to mostly work under sudo in t/lib-sudo.sh b/t/lib-sudo.sh. - debian/patches/CVE-2022-29187-4.patch: allow root to access both SUDO_UID and root owned in git-compat-util.h, t/t0034-root-safe-directory.sh. - debian/patches/CVE-2022-29187-5.patch: add tests for safe.directory in t/t0033-safe-directory.sh, setup.c. - debian/patches/CVE-2022-29187-6.patch: tighten ownership checks post CVE-2022-24765 in setup.c. - CVE-2022-29187 -- Leonidas Da Silva Barbosa <email address hidden> Tue, 05 Jul 2022 10:11:29 -0300
Available diffs
git (1:2.32.0-1ubuntu1.3) impish-security; urgency=medium * SECURITY UPDATE: Potential arbitrary code execution - debian/patches/CVE-2022-29187-1.patch: adds test to regression git needs safe.directory when using sudo in t/t0034-root-safe-directory.sh. - debian/patches/CVE-2022-29187-2.patch: avoid failing dir ownership checks if running privileged in git-compat-util.h, t/t0034-root-safe-directory.sh. - debian/patches/CVE-2022-29187-3.patch: add negative tests and allow git init to mostly work under sudo in t/lib-sudo.sh b/t/lib-sudo.sh. - debian/patches/CVE-2022-29187-4.patch: allow root to access both SUDO_UID and root owned in git-compat-util.h, t/t0034-root-safe-directory.sh. - debian/patches/CVE-2022-29187-5.patch: add tests for safe.directory in t/t0033-safe-directory.sh, setup.c. - debian/patches/CVE-2022-29187-6.patch: tighten ownership checks post CVE-2022-24765 in setup.c. - CVE-2022-29187 -- Leonidas Da Silva Barbosa <email address hidden> Tue, 05 Jul 2022 11:17:07 -0300
Available diffs
git (1:2.25.1-1ubuntu3.5) focal-security; urgency=medium * SECURITY UPDATE: Potential arbitrary code execution - debian/patches/CVE-2022-29187-1.patch: adds test to regression git needs safe.directory when using sudo in t/t0034-root-safe-directory.sh. - debian/patches/CVE-2022-29187-2.patch: avoid failing dir ownership checks if running privileged in git-compat-util.h, t/t0034-root-safe-directory.sh. - debian/patches/CVE-2022-29187-3.patch: add negative tests and allow git init to mostly work under sudo in t/lib-sudo.sh b/t/lib-sudo.sh. - debian/patches/CVE-2022-29187-4.patch: allow root to access both SUDO_UID and root owned in git-compat-util.h, t/t0034-root-safe-directory.sh. - debian/patches/CVE-2022-29187-5.patch: add tests for safe.directory in t/t0033-safe-directory.sh, setup.c. - debian/patches/CVE-2022-29187-6.patch: tighten ownership checks post CVE-2022-24765 in setup.c. - CVE-2022-29187 -- Leonidas Da Silva Barbosa <email address hidden> Tue, 05 Jul 2022 12:13:30 -0300
Available diffs
git (1:2.17.1-1ubuntu0.12) bionic-security; urgency=medium * SECURITY UPDATE: Potential arbitrary code execution - debian/patches/CVE-2022-29187-1.patch: adds test to regression git needs safe.directory when using sudo in t/t0034-root-safe-directory.sh. - debian/patches/CVE-2022-29187-2.patch: avoid failing dir ownership checks if running privileged in git-compat-util.h, t/t0034-root-safe-directory.sh. - debian/patches/CVE-2022-29187-3.patch: add negative tests and allow git init to mostly work under sudo in t/lib-sudo.sh b/t/lib-sudo.sh. - debian/patches/CVE-2022-29187-4.patch: allow root to access both SUDO_UID and root owned in git-compat-util.h, t/t0034-root-safe-directory.sh. - debian/patches/CVE-2022-29187-5.patch: add tests for safe.directory in t/t0033-safe-directory.sh, setup.c. - debian/patches/CVE-2022-29187-6.patch: tighten ownership checks post CVE-2022-24765 in setup.c. - CVE-2022-29187 -- Leonidas Da Silva Barbosa <email address hidden> Tue, 05 Jul 2022 12:47:55 -0300
Available diffs
git (1:2.36.1-1ubuntu1) kinetic; urgency=low * Merge from Debian unstable. Remaining changes: - Build diff-highlight in the contrib dir - Don't build-depend on subversion on i386, it is not reasonable to support on the partial arch.
Available diffs
Superseded in kinetic-proposed |
git (1:2.34.1-1ubuntu1.3) kinetic; urgency=medium * Rebuild against new libicu71. -- Gianfranco Costamagna <email address hidden> Mon, 23 May 2022 12:07:45 +0200
Available diffs
git (1:2.32.0-1ubuntu1.2) impish-security; urgency=medium * SECURITY REGRESSION: Previous update was incomplete causing regressions and not correctly fixing the issue. - debian/patches/CVE-2022-24765-5.patch: fix safe.directory key not being checked in setup.c. - debian/patches/CVE-2022-24765-6.patch: opt-out of check with safe.directory=* in setup.c. (LP: #1970260) -- Leonidas Da Silva Barbosa <email address hidden> Mon, 25 Apr 2022 20:20:02 -0300
Available diffs
git (1:2.34.1-1ubuntu1.2) jammy; urgency=medium * SECURITY REGRESSION: Previous update was incomplete causing regressions and not correctly fixing the issue. - debian/patches/CVE-2022-24765-5.patch: fix safe.directory key not being checked in setup.c. - debian/patches/CVE-2022-24765-6.patch: opt-out of check with safe.directory=* in setup.c. (LP: #1970260) -- Leonidas Da Silva Barbosa <email address hidden> Mon, 25 Apr 2022 20:14:03 -0300
Available diffs
git (1:2.17.1-1ubuntu0.11) bionic-security; urgency=medium * SECURITY REGRESSION: Previous update was incomplete causing regressions and not correctly fixing the issue. - debian/patches/CVE-2022-24765-5.patch: fix safe.directory key not being checked in setup.c. - debian/patches/CVE-2022-24765-6.patch: opt-out of check with safe.directory=* in setup.c. (LP: #1970260) -- Leonidas Da Silva Barbosa <email address hidden> Mon, 25 Apr 2022 20:28:52 -0300
Available diffs
git (1:2.25.1-1ubuntu3.4) focal-security; urgency=medium * SECURITY REGRESSION: Previous update was incomplete causing regressions and not correctly fixing the issue. - debian/patches/CVE-2022-24765-5.patch: fix safe.directory key not being checked in setup.c. - debian/patches/CVE-2022-24765-6.patch: opt-out of check with safe.directory=* in setup.c. (LP: #1970260) -- Leonidas Da Silva Barbosa <email address hidden> Mon, 25 Apr 2022 20:21:34 -0300
Available diffs
Superseded in kinetic-proposed |
Superseded in kinetic-proposed |
Superseded in jammy-updates |
Superseded in jammy-security |
git (1:2.34.1-1ubuntu1.1) jammy-security; urgency=medium * SECURITY UPDATE: Run commands in diff users - debian/patches/CVE-2022-24765-*.patch: fix GIT_CEILING_DIRECTORIES; add an owner check for the top-level-directory; add a function to determine whether a path is owned by the current user in patch.c, t/t0060-path-utils.sh, setup.c, compat/mingw.c, compat/mingw.h, git-compat-util.h. - CVE-2022-24765 -- Leonidas Da Silva Barbosa <email address hidden> Fri, 08 Apr 2022 08:43:25 -0300
Available diffs
git (1:2.17.1-1ubuntu0.10) bionic-security; urgency=medium * SECURITY UPDATE: Run commands in diff users - debian/patches/CVE-2022-24765-*.patch: fix GIT_CEILING_DIRECTORIES; add an owner check for the top-level-directory; add a function to determine whether a path is owned by the current user in patch.c, t/t0060-path-utils.sh, setup.c, compat/mingw.c, compat/mingw.h, git-compat-util.hi, config.c, config.h. - CVE-2022-24765 -- Leonidas Da Silva Barbosa <email address hidden> Fri, 08 Apr 2022 10:49:20 -0300
Available diffs
git (1:2.25.1-1ubuntu3.3) focal-security; urgency=medium * SECURITY UPDATE: Run commands in diff users - debian/patches/CVE-2022-24765-*.patch: fix GIT_CEILING_DIRECTORIES; add an owner check for the top-level-directory; add a function to determine whether a path is owned by the current user in patch.c, t/t0060-path-utils.sh, setup.c, compat/mingw.c, compat/mingw.h, git-compat-util.h. - CVE-2022-24765 -- Leonidas Da Silva Barbosa <email address hidden> Fri, 08 Apr 2022 09:57:16 -0300
Available diffs
git (1:2.32.0-1ubuntu1.1) impish-security; urgency=medium * SECURITY UPDATE: Run commands in diff users - debian/patches/CVE-2022-24765-*.patch: fix GIT_CEILING_DIRECTORIES; add an owner check for the top-level-directory; add a function to determine whether a path is owned by the current user in patch.c, t/t0060-path-utils.sh, setup.c, compat/mingw.c, compat/mingw.h, git-compat-util.h. - CVE-2022-24765 -- Leonidas Da Silva Barbosa <email address hidden> Fri, 08 Apr 2022 09:38:33 -0300
Available diffs
Superseded in kinetic-release |
Published in jammy-release |
Deleted in jammy-proposed (Reason: Moved to jammy) |
git (1:2.34.1-1ubuntu1) jammy; urgency=low * Merge from Debian unstable. Remaining changes: - Build diff-highlight in the contrib dir - Don't build-depend on subversion on i386, it is not reasonable to support on the partial arch.
Available diffs
git (1:2.33.1-1ubuntu1) jammy; urgency=low [ Ubuntu Merge-o-Matic ] * Merge from Debian unstable. Remaining changes: - Build diff-highlight in the contrib dir - Don't build-depend on subversion on i386, it is not reasonable to support on the partial arch.
Available diffs
git (1:2.25.1-1ubuntu3.2) focal-security; urgency=medium * SECURITY UPDATE: cross-protocol request via newline character in repo path - debian/patches/CVE-2021-40330.patch: forbid newline in git:// hosts and repo paths - CVE-2021-40330 -- Spyros Seimenis <email address hidden> Thu, 09 Sep 2021 14:42:33 +0300
Available diffs
git (1:2.17.1-1ubuntu0.9) bionic-security; urgency=medium * SECURITY UPDATE: cross-protocol request via newline character in repo path - debian/patches/CVE-2021-40330.patch: forbid newline in git:// hosts and repo paths - CVE-2021-40330 -- Spyros Seimenis <email address hidden> Thu, 09 Sep 2021 18:03:10 +0300
Available diffs
Superseded in jammy-release |
Obsolete in impish-release |
Deleted in impish-proposed (Reason: Moved to impish) |
git (1:2.32.0-1ubuntu1) impish; urgency=medium * Merge with Debian; remaining changes: - Build diff-highlight in the contrib dir - Don't build-depend on subversion on i386, it is not reasonable to support on the partial arch.
Available diffs
git (1:2.31.1-1ubuntu1) impish; urgency=medium * Merge with Debian; remaining changes: - Build diff-highlight in the contrib dir - Don't build-depend on subversion on i386, it is not reasonable to support on the partial arch.
Available diffs
Superseded in impish-release |
Obsolete in hirsute-release |
Deleted in hirsute-proposed (Reason: Moved to hirsute) |
git (1:2.30.2-1ubuntu1) hirsute; urgency=medium * Merge with Debian; remaining changes: - Build diff-highlight in the contrib dir - Don't build-depend on subversion on i386, it is not reasonable to support on the partial arch.
Available diffs
git (1:2.25.1-1ubuntu3.1) focal-security; urgency=medium * SECURITY UPDATE: remote code exec during clone on case-insensitive FS - debian/patches/CVE-2021-21300.patch: fix bug that makes checkout follow symlinks in leading path in cache.h, compat/mingw.c, git-compat-util.h, run-command.c, symlinks.c, t/t0021-conversion.sh, t/t0021/rot13-filter.pl, t/t2006-checkout-index-basic.sh, unpack-trees.c. - CVE-2021-21300 -- Marc Deslauriers <email address hidden> Thu, 04 Mar 2021 08:01:28 -0500
Available diffs
git (1:2.17.1-1ubuntu0.8) bionic-security; urgency=medium * SECURITY UPDATE: remote code exec during clone on case-insensitive FS - debian/patches/CVE-2021-21300.patch: fix bug that makes checkout follow symlinks in leading path in cache.h, compat/mingw.c, git-compat-util.h, run-command.c, symlinks.c, t/t0021-conversion.sh, t/t0021/rot13-filter.pl, t/t2006-checkout-index-basic.sh, unpack-trees.c. - CVE-2021-21300 -- Marc Deslauriers <email address hidden> Thu, 04 Mar 2021 08:02:54 -0500
Available diffs
git (1:2.27.0-1ubuntu1.1) groovy-security; urgency=medium * SECURITY UPDATE: remote code exec during clone on case-insensitive FS - debian/patches/CVE-2021-21300.patch: fix bug that makes checkout follow symlinks in leading path in cache.h, compat/mingw.c, git-compat-util.h, run-command.c, symlinks.c, t/t0021-conversion.sh, t/t0021/rot13-filter.pl, t/t2006-checkout-index-basic.sh, unpack-trees.c. - CVE-2021-21300 -- Marc Deslauriers <email address hidden> Thu, 04 Mar 2021 07:55:16 -0500
Available diffs
git (1:2.7.4-0ubuntu1.10) xenial-security; urgency=medium * SECURITY UPDATE: remote code exec during clone on case-insensitive FS - debian/patches/CVE-2021-21300.patch: fix bug that makes checkout follow symlinks in leading path in cache.h, compat/mingw.c, git-compat-util.h, run-command.c, symlinks.c, t/t0021-conversion.sh, t/t2006-checkout-index-basic.sh, unpack-trees.c. - CVE-2021-21300 -- Marc Deslauriers <email address hidden> Thu, 04 Mar 2021 08:04:31 -0500
Available diffs
git (1:2.30.1-1ubuntu1) hirsute; urgency=medium * Merge with Debian; remaining changes: - Build diff-highlight in the contrib dir - Don't build-depend on subversion on i386, it is not reasonable to support on the partial arch.
Available diffs
git (1:2.30.0-1ubuntu1) hirsute; urgency=low * Merge from Debian unstable. Remaining changes: - Build diff-highlight in the contrib dir - Don't build-depend on subversion on i386, it is not reasonable to support on the partial arch.
Available diffs
git (1:2.29.2-1ubuntu1) hirsute; urgency=low * Merge from Debian unstable. Remaining changes: - Build diff-highlight in the contrib dir (closes: #868871, LP: #1713690) - Don't build-depend on subversion on i386, it is not reasonable to support on the partial arch.
Available diffs
git (1:2.28.0-1ubuntu1) hirsute; urgency=low * Merge from Debian unstable. Remaining changes: - Build diff-highlight in the contrib dir (closes: #868871, LP: #1713690) - Don't build-depend on subversion on i386, it is not reasonable to support on the partial arch.
Available diffs
- diff from 1:2.27.0-1ubuntu1 to 1:2.28.0-1ubuntu1 (677.2 KiB)
Superseded in hirsute-release |
Obsolete in groovy-release |
Deleted in groovy-proposed (Reason: moved to Release) |
git (1:2.27.0-1ubuntu1) groovy; urgency=low * Merge from Debian unstable. Remaining changes: - Build diff-highlight in the contrib dir (closes: #868871, LP: #1713690) - Don't build-depend on subversion on i386, it is not reasonable to support on the partial arch.
Available diffs
git (1:2.27.0~rc0-1ubuntu1) groovy; urgency=low * Merge from Debian unstable. Remaining changes: - Build diff-highlight in the contrib dir (closes: #868871, LP: #1713690) - Don't build-depend on subversion on i386, it is not reasonable to support on the partial arch. * Drop security update patches, included upstream.
Available diffs
git (1:2.7.4-0ubuntu1.9) xenial-security; urgency=medium * SECURITY UPDATE: credential helper issue with missing host or scheme - debian/patches/CVE-2020-11008-1.patch: make "quit" helper more realistic in t/t0300-credentials.sh. - debian/patches/CVE-2020-11008-2.patch: use more realistic inputs in t/t0300-credentials.sh. - debian/patches/CVE-2020-11008-3.patch: parse URL without host as empty host, not unset in credential.c, http.c, t/t0300-credentials.sh. - debian/patches/CVE-2020-11008-4.patch: refuse to operate when missing host or protocol in credential.c, t/t0300-credentials.sh. - debian/patches/CVE-2020-11008-5.patch: convert gitmodules url to URL passed to curl in fsck.c, t/t7416-submodule-dash-url.sh. - debian/patches/CVE-2020-11008-6.patch: die() when parsing invalid urls in credential.c, t/t0300-credentials.sh. - debian/patches/CVE-2020-11008-7.patch: treat URL without scheme as invalid in credential.c, fsck.c, t/t7416-submodule-dash-url.sh. - debian/patches/CVE-2020-11008-8.patch: treat URL with empty scheme as invalid in credential.c, t/t5550-http-fetch-dumb.sh, t/t7416-submodule-dash-url.sh. - debian/patches/CVE-2020-11008-9.patch: reject URL with empty host in .gitmodules in fsck.c, t/t7416-submodule-dash-url.sh. - CVE-2020-11008 -- Marc Deslauriers <email address hidden> Mon, 20 Apr 2020 12:24:43 -0400
Available diffs
git (1:2.17.1-1ubuntu0.7) bionic-security; urgency=medium * SECURITY UPDATE: credential helper issue with missing host or scheme - debian/patches/CVE-2020-11008-1.patch: make "quit" helper more realistic in t/t0300-credentials.sh. - debian/patches/CVE-2020-11008-2.patch: use more realistic inputs in t/t0300-credentials.sh. - debian/patches/CVE-2020-11008-3.patch: parse URL without host as empty host, not unset in credential.c, http.c, t/t0300-credentials.sh. - debian/patches/CVE-2020-11008-4.patch: refuse to operate when missing host or protocol in credential.c, t/t0300-credentials.sh. - debian/patches/CVE-2020-11008-5.patch: convert gitmodules url to URL passed to curl in fsck.c, t/t7416-submodule-dash-url.sh. - debian/patches/CVE-2020-11008-6.patch: die() when parsing invalid urls in credential.c, t/t0300-credentials.sh. - debian/patches/CVE-2020-11008-7.patch: treat URL without scheme as invalid in credential.c, fsck.c, t/t5550-http-fetch-dumb.sh, t/t7416-submodule-dash-url.sh. - debian/patches/CVE-2020-11008-8.patch: treat URL with empty scheme as invalid in credential.c, t/t5550-http-fetch-dumb.sh, t/t7416-submodule-dash-url.sh. - debian/patches/CVE-2020-11008-9.patch: reject URL with empty host in .gitmodules in fsck.c, t/t7416-submodule-dash-url.sh. - CVE-2020-11008 -- Marc Deslauriers <email address hidden> Mon, 20 Apr 2020 12:20:37 -0400
Available diffs
Superseded in groovy-release |
Published in focal-release |
Deleted in focal-proposed (Reason: moved to Release) |
git (1:2.25.1-1ubuntu3) focal; urgency=medium * SECURITY UPDATE: credential helper issue with missing host or scheme - debian/patches/CVE-2020-11008-1.patch: make "quit" helper more realistic in t/t0300-credentials.sh. - debian/patches/CVE-2020-11008-2.patch: use more realistic inputs in t/t0300-credentials.sh. - debian/patches/CVE-2020-11008-3.patch: parse URL without host as empty host, not unset in credential.c, http.c, t/t0300-credentials.sh. - debian/patches/CVE-2020-11008-4.patch: refuse to operate when missing host or protocol in credential.c, t/t0300-credentials.sh. - debian/patches/CVE-2020-11008-5.patch: convert gitmodules url to URL passed to curl in fsck.c, t/t7416-submodule-dash-url.sh. - debian/patches/CVE-2020-11008-6.patch: die() when parsing invalid urls in credential.c, t/t0300-credentials.sh. - debian/patches/CVE-2020-11008-7.patch: treat URL without scheme as invalid in credential.c, fsck.c, t/t5550-http-fetch-dumb.sh, t/t7416-submodule-dash-url.sh. - debian/patches/CVE-2020-11008-8.patch: treat URL with empty scheme as invalid in credential.c, t/t5550-http-fetch-dumb.sh, t/t7416-submodule-dash-url.sh. - debian/patches/CVE-2020-11008-9.patch: reject URL with empty host in .gitmodules in fsck.c, t/t7416-submodule-dash-url.sh. - CVE-2020-11008 -- Marc Deslauriers <email address hidden> Mon, 20 Apr 2020 11:50:03 -0400
Available diffs
git (1:2.20.1-2ubuntu1.19.10.3) eoan-security; urgency=medium * SECURITY UPDATE: credential helper issue with missing host or scheme - debian/patches/CVE-2020-11008-1.patch: make "quit" helper more realistic in t/t0300-credentials.sh. - debian/patches/CVE-2020-11008-2.patch: use more realistic inputs in t/t0300-credentials.sh. - debian/patches/CVE-2020-11008-3.patch: parse URL without host as empty host, not unset in credential.c, http.c, t/t0300-credentials.sh. - debian/patches/CVE-2020-11008-4.patch: refuse to operate when missing host or protocol in credential.c, t/t0300-credentials.sh. - debian/patches/CVE-2020-11008-5.patch: convert gitmodules url to URL passed to curl in fsck.c, t/t7416-submodule-dash-url.sh. - debian/patches/CVE-2020-11008-6.patch: die() when parsing invalid urls in credential.c, t/t0300-credentials.sh. - debian/patches/CVE-2020-11008-7.patch: treat URL without scheme as invalid in credential.c, fsck.c, t/t5550-http-fetch-dumb.sh, t/t7416-submodule-dash-url.sh. - debian/patches/CVE-2020-11008-8.patch: treat URL with empty scheme as invalid in credential.c, t/t5550-http-fetch-dumb.sh, t/t7416-submodule-dash-url.sh. - debian/patches/CVE-2020-11008-9.patch: reject URL with empty host in .gitmodules in fsck.c, t/t7416-submodule-dash-url.sh. - CVE-2020-11008 -- Marc Deslauriers <email address hidden> Mon, 20 Apr 2020 12:18:11 -0400
git (1:2.25.1-1ubuntu2) focal; urgency=medium * SECURITY UPDATE: credential helper issue with newlines in URL - debian/patches/CVE-2020-5260-1.patch: avoid writing values with newlines in credential.c, t/t0300-credentials.sh. - debian/patches/CVE-2020-5260-2.patch: use test_i18ncmp to check stderr in t/lib-credential.sh. - debian/patches/CVE-2020-5260-3.patch: detect unrepresentable values when parsing urls in credential.c, credential.h, t/t0300-credentials.sh. - debian/patches/CVE-2020-5260-4.patch: detect gitmodules URLs with embedded newlines in fsck.c, t/t7416-submodule-dash-url.sh. - CVE-2020-5260 -- Marc Deslauriers <email address hidden> Tue, 14 Apr 2020 08:31:47 -0400
Available diffs
git (1:2.7.4-0ubuntu1.8) xenial-security; urgency=medium * SECURITY UPDATE: credential helper issue with newlines in URL - debian/patches/CVE-2020-5260-1.patch: avoid writing values with newlines in credential.c, t/t0300-credentials.sh. - debian/patches/CVE-2020-5260-2.patch: use test_i18ncmp to check stderr in t/lib-credential.sh. - debian/patches/CVE-2020-5260-3.patch: detect unrepresentable values when parsing urls in credential.c, credential.h, t/t0300-credentials.sh. - debian/patches/CVE-2020-5260-4.patch: detect gitmodules URLs with embedded newlines in fsck.c, t/t7416-submodule-dash-url.sh. - CVE-2020-5260 -- Marc Deslauriers <email address hidden> Fri, 10 Apr 2020 12:37:56 -0400
Available diffs
git (1:2.20.1-2ubuntu1.19.10.2) eoan-security; urgency=medium * SECURITY UPDATE: credential helper issue with newlines in URL - debian/patches/CVE-2020-5260-1.patch: avoid writing values with newlines in credential.c, t/t0300-credentials.sh. - debian/patches/CVE-2020-5260-2.patch: use test_i18ncmp to check stderr in t/lib-credential.sh. - debian/patches/CVE-2020-5260-3.patch: detect unrepresentable values when parsing urls in credential.c, credential.h, t/t0300-credentials.sh. - debian/patches/CVE-2020-5260-4.patch: detect gitmodules URLs with embedded newlines in fsck.c, t/t7416-submodule-dash-url.sh. - CVE-2020-5260 -- Marc Deslauriers <email address hidden> Fri, 10 Apr 2020 11:53:25 -0400
Available diffs
git (1:2.17.1-1ubuntu0.6) bionic-security; urgency=medium * SECURITY UPDATE: credential helper issue with newlines in URL - debian/patches/CVE-2020-5260-1.patch: avoid writing values with newlines in credential.c, t/t0300-credentials.sh. - debian/patches/CVE-2020-5260-2.patch: use test_i18ncmp to check stderr in t/lib-credential.sh. - debian/patches/CVE-2020-5260-3.patch: detect unrepresentable values when parsing urls in credential.c, credential.h, t/t0300-credentials.sh. - debian/patches/CVE-2020-5260-4.patch: detect gitmodules URLs with embedded newlines in fsck.c, t/t7416-submodule-dash-url.sh. - CVE-2020-5260 -- Marc Deslauriers <email address hidden> Fri, 10 Apr 2020 11:59:06 -0400
Available diffs
1 → 75 of 216 results | First • Previous • Next • Last |