Format: 1.8
Date: Mon, 20 Apr 2020 11:50:03 -0400
Source: git
Binary: git
Architecture: i386 i386_translations
Version: 1:2.25.1-1ubuntu3
Distribution: focal-proposed
Urgency: medium
Maintainer: Launchpad Build Daemon <buildd@lgw01-amd64-015.buildd>
Changed-By: Marc Deslauriers <marc.deslauriers@ubuntu.com>
Description:
 git        - fast, scalable, distributed revision control system
Changes:
 git (1:2.25.1-1ubuntu3) focal; urgency=medium
 .
   * SECURITY UPDATE: credential helper issue with missing host or scheme
     - debian/patches/CVE-2020-11008-1.patch: make "quit" helper more
       realistic in t/t0300-credentials.sh.
     - debian/patches/CVE-2020-11008-2.patch: use more realistic inputs in
       t/t0300-credentials.sh.
     - debian/patches/CVE-2020-11008-3.patch: parse URL without host as
       empty host, not unset in credential.c, http.c,
       t/t0300-credentials.sh.
     - debian/patches/CVE-2020-11008-4.patch: refuse to operate when missing
       host or protocol in credential.c, t/t0300-credentials.sh.
     - debian/patches/CVE-2020-11008-5.patch: convert gitmodules url to URL
       passed to curl in fsck.c, t/t7416-submodule-dash-url.sh.
     - debian/patches/CVE-2020-11008-6.patch: die() when parsing invalid
       urls in credential.c, t/t0300-credentials.sh.
     - debian/patches/CVE-2020-11008-7.patch: treat URL without scheme as
       invalid in credential.c, fsck.c, t/t5550-http-fetch-dumb.sh,
       t/t7416-submodule-dash-url.sh.
     - debian/patches/CVE-2020-11008-8.patch: treat URL with empty scheme as
       invalid in credential.c, t/t5550-http-fetch-dumb.sh,
       t/t7416-submodule-dash-url.sh.
     - debian/patches/CVE-2020-11008-9.patch: reject URL with empty host in
       .gitmodules in fsck.c, t/t7416-submodule-dash-url.sh.
     - CVE-2020-11008
Checksums-Sha1:
 9a99a114abe61c11da733cf77148300457d35ba3 47675340 git-dbgsym_2.25.1-1ubuntu3_i386.ddeb
 0b02faedfa40c87f9c4bbd2b6d5da179923b29a3 8624 git_2.25.1-1ubuntu3_i386.buildinfo
 f7d4e27ae0bbf964012f86b38517276af1410612 4888252 git_2.25.1-1ubuntu3_i386.deb
 987fe9d53dd70a206ffa60ef5b96e8804083ba29 5129277 git_2.25.1-1ubuntu3_i386_translations.tar.gz
Checksums-Sha256:
 1200bd92f017a75f6f2e4f450eaa7eac77f8854ba848e7a7c0e706f8d0cbd19b 47675340 git-dbgsym_2.25.1-1ubuntu3_i386.ddeb
 6f5c9589fd23bc6dcdc85916ca7b7ae2595294c56dccfbd92d8f8cb780332e0f 8624 git_2.25.1-1ubuntu3_i386.buildinfo
 854e675d6e0dbb2749e7711d068300c934d1d7919478bf87711404e31c0bfc87 4888252 git_2.25.1-1ubuntu3_i386.deb
 9f8d7c3d8557cda6971a85c6f05b5bcac3da12ffcae2eed1cd71dfccba4ca092 5129277 git_2.25.1-1ubuntu3_i386_translations.tar.gz
Files:
 8ed28af275a95de1e5919e6d750d4699 47675340 debug optional git-dbgsym_2.25.1-1ubuntu3_i386.ddeb
 06ffff9863b107019ad0be841f26d098 8624 vcs optional git_2.25.1-1ubuntu3_i386.buildinfo
 04c74318f44d51d767c0849adab4abda 4888252 vcs optional git_2.25.1-1ubuntu3_i386.deb
 15645e930cf82de9e54dd577a41d0997 5129277 raw-translations - git_2.25.1-1ubuntu3_i386_translations.tar.gz
Original-Maintainer: Jonathan Nieder <jrnieder@gmail.com>