-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 26 Jan 2023 22:59:15 +0800 Source: git Binary: git git-dbgsym Architecture: armel Version: 1:2.30.2-1+deb11u1 Distribution: bullseye-security Urgency: high Maintainer: arm Build Daemon (arm-conova-01) Changed-By: Aron Xu Description: git - fast, scalable, distributed revision control system Changes: git (1:2.30.2-1+deb11u1) bullseye-security; urgency=high . * Non-maintainer upload by the Security Team. * CVE-2022-23521: multiple integer overflows while parsing gitattributes * CVE-2022-24765: owner check for the top-level directory to avoid discovering a repository in a directory that is owned by someone other than the current user, which may lead to arbitary command execution * CVE-2022-29187: code execution and privilege escalation when the repository directory and gitdir have different ownership * CVE-2022-39253: exposure of sensitive information while performing local clone from malicious repository * CVE-2022-39260: integer overflow and out-of-bouns array reads/writes in git shell's command line input processing * CVE-2022-41903: integer overflow in commit formatting machinery Checksums-Sha1: 4d8d9cbf0da9a5e27150bcf592041d9ce9b5a780 31799348 git-dbgsym_2.30.2-1+deb11u1_armel.deb 2d42e5894d2ad77a0b92dea9319200c6db1d9c61 8444 git_2.30.2-1+deb11u1_armel-buildd.buildinfo 40bf15b902f2229b05686e0c9a067dbee00f24c8 5011928 git_2.30.2-1+deb11u1_armel.deb Checksums-Sha256: d117ffa47847d9f9321db5775aef5e5dacdb5dca929d927cd217b555f98b2a11 31799348 git-dbgsym_2.30.2-1+deb11u1_armel.deb 13240e35c4fe370941cbac9e9cd3c4e54157c41cf831eb03393e0762aeefb856 8444 git_2.30.2-1+deb11u1_armel-buildd.buildinfo 0951aed74fd81f980ee65a44d46cd368ff900fb9439ae98b01e47e612fa7efa5 5011928 git_2.30.2-1+deb11u1_armel.deb Files: b61b45ad0022f098ade6b12697f2919b 31799348 debug optional git-dbgsym_2.30.2-1+deb11u1_armel.deb 845ae4bcf9cbf9cfc9d0c9ac794f5b98 8444 vcs optional git_2.30.2-1+deb11u1_armel-buildd.buildinfo 229ef7b5de5fb32b52434ab1766127e4 5011928 vcs optional git_2.30.2-1+deb11u1_armel.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE85cWtWDyjeTR1DyXYfnSkVoQrNkFAmPWGCIACgkQYfnSkVoQ rNm3rg/+LkoodrMFUnzMdSLa2VWR8wkRvhn30LPgVAXqLP7rNZFcKNRvLQP8z/gO 2P+8GEKvkArzzvUU+U521Wi3s5KPVDak48sKV+4JDcBehp0gz9Oh9MtuCzx1AZCP GsCLCwJ1xmo9RsCE3hPmSH85qsATmDa9oqEcTdPBj7Zds2kQy1yFSYbPblj4ARrx oGAZTiUCPapZiwhWvy5sbGhKu/xlG9J10/SwgsQ1d7/Ixyc39d8h9tRmEPeaOaCh rqHlJguqcG4MEfG3/tCO7YSfdE3lPf4BriRq6BlIv0gAW6ej0KkopCbhk2X3ZnaY V0QK5p3Ul6V7cpio0kfiB4nsoI7jcdv80PowaAdvJrSxCw7xUtU48qLNfYgXObL3 G6hfNDtdIyNgJH94UP7KaHryEjEss2r0odgYXGHl9X0ChGWFKdXlcceAkra0vP85 RIRehq5saz272BCX0voAhZDaaXNIwKS/gwVlubx1I5iF424JhvWW2IRaMFum5Ail T/UgcAY573CshxFj80JHmwSF3eJLsHVFQhC7A1VRM/XCV6z1+OVyiyqf9No6QvK2 S2cm7tm36ldmKKNe7GGLCTRwJ/CjEpDi28LKhLSkIJmVC56vsthbkXnPaFBoitqB hcDptDmzB0dQsJsln04n0XsLcR36CyUbkrmc8Y2c8G1B365hEyY= =IVYq -----END PGP SIGNATURE-----