Format: 1.8 Date: Thu, 13 Oct 2022 13:36:40 -0300 Source: git Binary: git Architecture: arm64 arm64_translations Version: 1:2.25.1-1ubuntu3.6 Distribution: focal Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Leonidas Da Silva Barbosa Description: git - fast, scalable, distributed revision control system Changes: git (1:2.25.1-1ubuntu3.6) focal-security; urgency=medium . * SECURITY UPDATE: Unexpected behavior - debian/patches/CVE-2022-39253-*.patch: disallow --local clones with symlinks and additionally changed the protocol.file.allow to be user by default in builtin/clone.c, transport.c, and modified tests in t/t5604-clone-reference.sh, lib-submodule-update.sh, t/t1091-sparse-checkout-builtin.sh, t/t1500-rev-parse.sh, t/t2400-worktree-add.sh, t/t2403-worktree-move.sh, t/t2405-worktree-submodule.sh, t/t3200-branch.sh, t/t3420-rebase-autostash.sh, t/t3426-rebase-submodule.sh, t/t3512-cherry-pick-submodule.sh, t/t3600-rm.sh, t/t3906-stash-submodule.sh, t/t4059-diff-submodule-not-initialized.sh, t/t4060-diff-submodule-option-diff-format.sh, t/t4067-diff-partial-clone.sh, t/t4208-log-magic-pathspec.sh, t/t5510-fetch.sh, t/t5526-fetch-submodules.sh, t/t5545-push-options.sh, t/t5572-pull-submodule.sh, t/t5601-clone.sh, t/t5614-clone-submodules-shallow.sh, t/t5616-partial-clone.sh, t/t5617-clone-submodules-remote.sh, t/t6008-rev-list-submodule.sh, t/t6134-pathspec-in-submodule.sh, t/t7001-mv.sh, t/t7064-wtstatus-pv2.sh, t/t7300-clean.sh, t/t7400-submodule-basic.sh, t/t7403-submodule-sync.sh, t/t7406-submodule-update.sh, t/t7407-submodule-foreach.sh, t/t7408-submodule-reference.sh, t/t7409-submodule-detached-work-tree.sh, t/t7411-submodule-config.sh, t/t7413-submodule-is-active.sh, t/t7414-submodule-mistakes.sh, t/t7415-submodule-names.sh, t/t7416-submodule-dash-url.sh, t/t7417-submodule-path-url.sh, t/t7418-submodule-sparse-gitmodules.sh, t/t7419-submodule-set-branch.sh, t/t7420-submodule-set-url.sh, t/t7421-submodule-summary-add.sh, t/t7506-status-submodule.sh, t/t7507-commit-verbose.sh, t/t7800-difftool.sh, t/t7814-grep-recurse-submodules.sh, t/t9304-fast-import-marks.sh, t/t9350-fast-export.sh, t/t1092-sparse-checkout-compatibility.sh, t/t2080-parallel-checkout-basics.sh, t/t7450-bad-git-dotfiles.sh. - CVE-2022-39253 * SECURITY UPDATE: Arbitrary heap writes - debian/patches/CVE-2022-39260-*.patch: limit size of interactive commands and reject too-long cmdline strings in split cmdline() in shell.c, t/t9850-shell.sh, alias.c. - CVE-2022-39260 Checksums-Sha1: 2ebcc79417ee7b1064a250f9f5d128349f79f1e5 51439016 git-dbgsym_2.25.1-1ubuntu3.6_arm64.ddeb 802900a2244c2278427ac307894e3ec96307a7bb 9298 git_2.25.1-1ubuntu3.6_arm64.buildinfo 6ea9ac10fd134e0f12acc40b5adb010e23ddd2a3 4338036 git_2.25.1-1ubuntu3.6_arm64.deb d43def4392968ad377d2ebc632b14ab4485b0bcd 5120748 git_2.25.1-1ubuntu3.6_arm64_translations.tar.gz Checksums-Sha256: e6f9a0177689d083feff9ca3566949d0720a1f9b3e447103e78e3ee7e41178db 51439016 git-dbgsym_2.25.1-1ubuntu3.6_arm64.ddeb a68e6997f70a1f8dd95001e0e12fd7c7e1e66c62c1764068388d9ce4a79a52b5 9298 git_2.25.1-1ubuntu3.6_arm64.buildinfo 9ebb907de0779ae72adb9302855796c03a4b07a9c52a8f0928bf801fc88ca060 4338036 git_2.25.1-1ubuntu3.6_arm64.deb c37ccf81aa04128a8cc8750eeced12b92e943b1104a0f4b704179d5439f518c1 5120748 git_2.25.1-1ubuntu3.6_arm64_translations.tar.gz Files: b1dfdd3ad57cce11bf68f30048f9e6b5 51439016 debug optional git-dbgsym_2.25.1-1ubuntu3.6_arm64.ddeb f8ee318ff8fbab953b6a2561f4f95d07 9298 vcs optional git_2.25.1-1ubuntu3.6_arm64.buildinfo 017672bd707c64a5402fdb5da65e5956 4338036 vcs optional git_2.25.1-1ubuntu3.6_arm64.deb 69938e293d89e399e6dee81dc7374769 5120748 raw-translations - git_2.25.1-1ubuntu3.6_arm64_translations.tar.gz Original-Maintainer: Jonathan Nieder