-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 26 Jan 2023 22:59:15 +0800 Source: git Binary: git git-dbgsym Architecture: armhf Version: 1:2.30.2-1+deb11u1 Distribution: bullseye-security Urgency: high Maintainer: arm Build Daemon (arm-arm-01) Changed-By: Aron Xu Description: git - fast, scalable, distributed revision control system Changes: git (1:2.30.2-1+deb11u1) bullseye-security; urgency=high . * Non-maintainer upload by the Security Team. * CVE-2022-23521: multiple integer overflows while parsing gitattributes * CVE-2022-24765: owner check for the top-level directory to avoid discovering a repository in a directory that is owned by someone other than the current user, which may lead to arbitary command execution * CVE-2022-29187: code execution and privilege escalation when the repository directory and gitdir have different ownership * CVE-2022-39253: exposure of sensitive information while performing local clone from malicious repository * CVE-2022-39260: integer overflow and out-of-bouns array reads/writes in git shell's command line input processing * CVE-2022-41903: integer overflow in commit formatting machinery Checksums-Sha1: 1108fd4cb81df50eeeed5d681e3815de03678356 32287608 git-dbgsym_2.30.2-1+deb11u1_armhf.deb 89c8d282136ee0ba15f9a0fe0ad96a232d15d7da 8446 git_2.30.2-1+deb11u1_armhf-buildd.buildinfo 3a198c4499cb532faeaa64e53a295ab4d30b374a 5112188 git_2.30.2-1+deb11u1_armhf.deb Checksums-Sha256: 23b270e3121079ddc343285d66590865a13fe5463f7abdb3ca75968d4d24f481 32287608 git-dbgsym_2.30.2-1+deb11u1_armhf.deb 121e93a14c6d74a4c032acef3db22dc2b08ca40681ba10f84c373a6adf1578b9 8446 git_2.30.2-1+deb11u1_armhf-buildd.buildinfo 18ca0c00bd1ca030deec0d5f0bec98d46fd0a9a0f711178eaf6581e406c61899 5112188 git_2.30.2-1+deb11u1_armhf.deb Files: c4e4276e8bfa98ed10302f1bdc3ad85e 32287608 debug optional git-dbgsym_2.30.2-1+deb11u1_armhf.deb 454f3c6b55de94b1a9b0738671d8518e 8446 vcs optional git_2.30.2-1+deb11u1_armhf-buildd.buildinfo e33a3ca1d0ca56df93a1e85ce9f03156 5112188 vcs optional git_2.30.2-1+deb11u1_armhf.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEZQFXxoklRUh1v2q+Cr4sS911++cFAmPWFacACgkQCr4sS911 ++dFVBAAvsjhrT1hHPT7sbmn2Vqn+qCtg1zLwKuziITpFXWM7Igd1ltk3UpOSA0L BHQ1BDU1V40s4WykyIbDyf59PkvXZHF88ycYNzrkzNARYINRwBIlMwLTMJqQaHmQ ygCWialy79qV4H+9UAyTU3ctKJkSstni+c3DVMa7EA+uAVVZKF+xFfHnSRuMTWyM 6TccpiSdM0D6i2zf8KvxvB5UmKvndpOXz0lMqi7e9qnz1s0fXzfpEYvYj6Bx8YMY IJdGh4Y2GTo9HJL/1q+YvmCe9LeMWC0CRIbxQYp85eLZFTCre7Pyo8IQOwMXpTXm A0hks4wDBT0r0p2cU1lY6gIAUhQL6kMGzBFd/O3Dzg1JyrOfg24/f7hu8dhb2Lqo XZjD88txq4kOpwr2r08InPYeHzeybIDuG8kXgWXEbeHb8/U0V+KYVKtkiFqKoLbZ lSUgczApW0/VdqKO+Mqe9E/G2iYWosoPu4W17tmn7VaMrkPTRKRoM2VKbt8WeD19 XvIOgUlVtHXoJmrIoLpcCvIDWtt6pB4i0R8jtxL69O+n12Pz9vheXpqYFw7AHDKX Za8tokLXRMSWcG2kFxZBNkYav/dx0+c9nTYbOsoPH40nsWdVED7kBXPYqGKiISD2 MrfAvV29ICSqK4rORSSnjzWYowJ02PvTfTlST83GEbsalKnwBO8= =O3LP -----END PGP SIGNATURE-----