Format: 1.8
Date: Thu, 26 Jan 2023 22:59:15 +0800
Source: git
Binary: git git-dbgsym
Architecture: i386
Version: 1:2.30.2-1+deb11u1
Distribution: bullseye-security
Urgency: high
Maintainer: i386 Build Daemon (x86-grnet-01)
Changed-By: Aron Xu
Description:
 git - fast, scalable, distributed revision control system
Changes:
 git (1:2.30.2-1+deb11u1) bullseye-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * CVE-2022-23521: multiple integer overflows while parsing gitattributes
   * CVE-2022-24765: owner check for the top-level directory to avoid
     discovering a repository in a directory that is owned by someone other
     than the current user, which may lead to arbitrary command execution
   * CVE-2022-29187: code execution and privilege escalation when the
     repository directory and gitdir have different ownership
   * CVE-2022-39253: exposure of sensitive information while performing
     local clone from malicious repository
   * CVE-2022-39260: integer overflow and out-of-bounds array reads/writes
     in git shell's command line input processing
   * CVE-2022-41903: integer overflow in commit formatting machinery