-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 26 Jan 2023 22:59:15 +0800 Source: git Binary: git git-dbgsym Architecture: arm64 Version: 1:2.30.2-1+deb11u1 Distribution: bullseye-security Urgency: high Maintainer: arm Build Daemon (arm-arm-04) Changed-By: Aron Xu Description: git - fast, scalable, distributed revision control system Changes: git (1:2.30.2-1+deb11u1) bullseye-security; urgency=high . * Non-maintainer upload by the Security Team. * CVE-2022-23521: multiple integer overflows while parsing gitattributes * CVE-2022-24765: owner check for the top-level directory to avoid discovering a repository in a directory that is owned by someone other than the current user, which may lead to arbitary command execution * CVE-2022-29187: code execution and privilege escalation when the repository directory and gitdir have different ownership * CVE-2022-39253: exposure of sensitive information while performing local clone from malicious repository * CVE-2022-39260: integer overflow and out-of-bouns array reads/writes in git shell's command line input processing * CVE-2022-41903: integer overflow in commit formatting machinery Checksums-Sha1: 724063798e66f4e2ee0120a6560c846cf1eee73c 32978236 git-dbgsym_2.30.2-1+deb11u1_arm64.deb a5aadc33962989d8be7e9c3e752f3e60a596aee7 8515 git_2.30.2-1+deb11u1_arm64-buildd.buildinfo f890320a24e99aeda0be9bb867d1488d9d9e45cb 5430976 git_2.30.2-1+deb11u1_arm64.deb Checksums-Sha256: c42dce328e8b460be950979f0dbe686cc9ea87d76bea0f18647eb8672b3129ab 32978236 git-dbgsym_2.30.2-1+deb11u1_arm64.deb 8bbd458f3d47aa069855524a9a8c5a9134f614a93bbfc2c5852df08d82a416e0 8515 git_2.30.2-1+deb11u1_arm64-buildd.buildinfo e5f7c27408d01d53f162aa77930bcaa74b85a51574ef1180d6f0bb6179f119f7 5430976 git_2.30.2-1+deb11u1_arm64.deb Files: 7e3fd1303a905bf176e41d9f08df8b2d 32978236 debug optional git-dbgsym_2.30.2-1+deb11u1_arm64.deb 4ec9709de9444206ee806c2da3af7697 8515 vcs optional git_2.30.2-1+deb11u1_arm64-buildd.buildinfo 151d89644571d0caab34a427e215bf8b 5430976 vcs optional git_2.30.2-1+deb11u1_arm64.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE0rJCsRd9UuwwCh7AEqw6fuPcbjYFAmPWFe0ACgkQEqw6fuPc bjbj6hAAxTYgFKtBrKb2J4xKTWesD9BF+U4j3iN1uymfUYSBD0Ab3fab6ElpbGNT 7w+G0fV46UP3eBvgO3xqrdbKFtL5Ut+wvW9Fwb7C4WLx6v8zsrav7SysXV5bG86H mQ1VxHtgxOwl86w0rI1miPAZwDg0uSiY7ZYDiAQR07b90d9Cvku99ZF1eGLsnvWf z4xLHcILFOxnqpuc7ooZZ00lQ+yIjciygDN0iOKCpNPzzZIlTHixkGpj4MEf5h9h q6CdQ+2gOH+AUrbCPFu1K4KBcF4L5lsZo8gJXlRCJs8+L0y8wdaJT/iQnkXq6AST 70AGfjAwYRlNrkF+IYea8sqPCNnIqSa2JTqvSK4xLeP5EFnHzf2fo+XknxDMsLCy 9ACharSd+EqvL3QFV/UfZggZl8pRCBtoDj+ZyVC5ZrEQh+PvDkpjbI5XKZ6JXMhm yaxUaNX6aNAqQiSyxd3Hsr/F8tKN/wNWXC2UmYT0VcNq2yTAhzscO7ye5AvTKHYQ O22SaX2Wd/yyFYCtuXQRGXGbOR9Cv5w2UvsxfEmCjT4bc+Qi7bBzFjHqXKAWUZOr E+2/N6Lihc2skBbpu5OGRaiSm3wtw5MuYQ8mKEM+HMeYDoAl/c1auOSYVMpP7C0a q2GS7fE9oirbs2dMgFTPZR4kbP/7fcrD5/AjuCK7m/m0zKtZtmc= =qRJU -----END PGP SIGNATURE-----