Format: 1.8
Date: Mon, 20 Apr 2020 12:18:11 -0400
Source: git
Binary: git
Architecture: armhf armhf_translations
Version: 1:2.20.1-2ubuntu1.19.10.3
Distribution: eoan
Urgency: medium
Maintainer: Launchpad Build Daemon <buildd@bos02-arm64-078.buildd>
Changed-By: Marc Deslauriers <marc.deslauriers@ubuntu.com>
Description:
 git        - fast, scalable, distributed revision control system
Changes:
 git (1:2.20.1-2ubuntu1.19.10.3) eoan-security; urgency=medium
 .
   * SECURITY UPDATE: credential helper issue with missing host or scheme
     - debian/patches/CVE-2020-11008-1.patch: make "quit" helper more
       realistic in t/t0300-credentials.sh.
     - debian/patches/CVE-2020-11008-2.patch: use more realistic inputs in
       t/t0300-credentials.sh.
     - debian/patches/CVE-2020-11008-3.patch: parse URL without host as
       empty host, not unset in credential.c, http.c,
       t/t0300-credentials.sh.
     - debian/patches/CVE-2020-11008-4.patch: refuse to operate when missing
       host or protocol in credential.c, t/t0300-credentials.sh.
     - debian/patches/CVE-2020-11008-5.patch: convert gitmodules url to URL
       passed to curl in fsck.c, t/t7416-submodule-dash-url.sh.
     - debian/patches/CVE-2020-11008-6.patch: die() when parsing invalid
       urls in credential.c, t/t0300-credentials.sh.
     - debian/patches/CVE-2020-11008-7.patch: treat URL without scheme as
       invalid in credential.c, fsck.c, t/t5550-http-fetch-dumb.sh,
       t/t7416-submodule-dash-url.sh.
     - debian/patches/CVE-2020-11008-8.patch: treat URL with empty scheme as
       invalid in credential.c, t/t5550-http-fetch-dumb.sh,
       t/t7416-submodule-dash-url.sh.
     - debian/patches/CVE-2020-11008-9.patch: reject URL with empty host in
       .gitmodules in fsck.c, t/t7416-submodule-dash-url.sh.
     - CVE-2020-11008
Checksums-Sha1:
 ce32bc97cc647add50528a87b824e64bf075dc91 44663840 git-dbgsym_2.20.1-2ubuntu1.19.10.3_armhf.ddeb
 21663ecbdbe34b5c968d1d6ae02e05bb259c3fbd 8551 git_2.20.1-2ubuntu1.19.10.3_armhf.buildinfo
 7e6e4807a2c4f4fe7e65aea0631396eae1c33df7 3037948 git_2.20.1-2ubuntu1.19.10.3_armhf.deb
 dd76af3a9deceaa4c989febe927cba51fe5b516c 3893385 git_2.20.1-2ubuntu1.19.10.3_armhf_translations.tar.gz
Checksums-Sha256:
 85c8f756d597a71dad1b6faf64d91323a5ce86d218b05303fc0a08329e6397ac 44663840 git-dbgsym_2.20.1-2ubuntu1.19.10.3_armhf.ddeb
 c9d7cb15fb355af89e88de852130bb5dcacbe9adc5b65ee7f759a60a9599e565 8551 git_2.20.1-2ubuntu1.19.10.3_armhf.buildinfo
 ecca3f3f07ebf909f474c50c377b9d500addf6fa7d9e2f84174db1fff035a649 3037948 git_2.20.1-2ubuntu1.19.10.3_armhf.deb
 07c7d1d1b188b4e3f275a5ee4e118e1249fe885e345b87468eb546bd32ff04be 3893385 git_2.20.1-2ubuntu1.19.10.3_armhf_translations.tar.gz
Files:
 b8eb37bac2b83fb635f5cf7328be71e7 44663840 debug optional git-dbgsym_2.20.1-2ubuntu1.19.10.3_armhf.ddeb
 d446fd3c3f8e734ed22d33325e34756b 8551 vcs optional git_2.20.1-2ubuntu1.19.10.3_armhf.buildinfo
 c984d8c2b59fbec80cff6124bae59997 3037948 vcs optional git_2.20.1-2ubuntu1.19.10.3_armhf.deb
 b195e10ce293f170224b6cf5544532ca 3893385 raw-translations - git_2.20.1-2ubuntu1.19.10.3_armhf_translations.tar.gz
Original-Maintainer: Gerrit Pape <pape@smarden.org>