-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 26 Jan 2023 22:59:15 +0800 Source: git Binary: git git-dbgsym Architecture: mips64el Version: 1:2.30.2-1+deb11u1 Distribution: bullseye-security Urgency: high Maintainer: mipsel Build Daemon (mipsel-osuosl-04) Changed-By: Aron Xu Description: git - fast, scalable, distributed revision control system Changes: git (1:2.30.2-1+deb11u1) bullseye-security; urgency=high . * Non-maintainer upload by the Security Team. * CVE-2022-23521: multiple integer overflows while parsing gitattributes * CVE-2022-24765: owner check for the top-level directory to avoid discovering a repository in a directory that is owned by someone other than the current user, which may lead to arbitary command execution * CVE-2022-29187: code execution and privilege escalation when the repository directory and gitdir have different ownership * CVE-2022-39253: exposure of sensitive information while performing local clone from malicious repository * CVE-2022-39260: integer overflow and out-of-bouns array reads/writes in git shell's command line input processing * CVE-2022-41903: integer overflow in commit formatting machinery Checksums-Sha1: 64172fe97dd7331d9b302a18ab700a80690c3988 34546884 git-dbgsym_2.30.2-1+deb11u1_mips64el.deb 52f544e1fefd8a42b04a34b481f85c18f2609a70 8425 git_2.30.2-1+deb11u1_mips64el-buildd.buildinfo 277f36dbc10ca5187d94c06eff8275899099e937 5822768 git_2.30.2-1+deb11u1_mips64el.deb Checksums-Sha256: dedda1be017433d642fc1ab3db5c9773989ca979f8ed51cbbcbcc8bb18e9b01d 34546884 git-dbgsym_2.30.2-1+deb11u1_mips64el.deb f24eebccb0390133cbe1ec8fa90127b2072c811ec699cd34fe40f36c40ca4cd8 8425 git_2.30.2-1+deb11u1_mips64el-buildd.buildinfo 4147832b991a0494ef01da95898b70bb5dc8379edf35684f7198c7ac6f157995 5822768 git_2.30.2-1+deb11u1_mips64el.deb Files: fcde01fd8b07f42b9ac572ffe193dd00 34546884 debug optional git-dbgsym_2.30.2-1+deb11u1_mips64el.deb 7fce3bf4082d6a738b4a17c0602569f4 8425 vcs optional git_2.30.2-1+deb11u1_mips64el-buildd.buildinfo 01c2f74d48d9c471cd4be3922e869434 5822768 vcs optional git_2.30.2-1+deb11u1_mips64el.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEbqxhtqqT8knLtgp0Ct/wWqReXfQFAmPWGcMACgkQCt/wWqRe XfQqEg/+JB38oIQxrey/flxLHoFUc0RmBCtbTxWdIyVh2H36HOxCiqrYLJfGXx60 pUpP3ssj3/2+bG1+mLq7Iq6VTJ+CJ9MshtKo9/fYT/dsnYe1gl57jpxQlsDAIg4O VDV6qAQLhE9Ijp4jdlxjeeBnJKLy37A30j7+sGuf94M5EUj03u2kxWCjbu2UOqRK 2WsXkn/iA2VkF+0Us9KUODIz6FC3JPp1QeFXaCOkg4XY2fDknKYcTRmYtknZ7js0 S2gvpKx0eBaMgLguAHZl1ABO311GsHkqZFxo3auQMrUjEa+IvxLKvszh8vSH+E1g 9ZpajtHV7hq4paWVopK86o9pgWMXlyTWWom0D1Ny1O5lIr6l7gLPqNoZCrIgBBHI 1ClWlFuKOJZJ1vnPR7025fxebWTRUqN8/MW0DB44RiywzkZIQQ5+vC6yOcGmjWLs CK4s5i87Hj/4IUygM6jWlbPUEcr4IJ/BPZu6eajJ4OcZxObzVJdjHo+EgmcB+xD+ ZbK8Cw5dVnINf4TH1REs5oJN9+l9jIgS1Lcwha66Tqs37VjK+zpKixjHJiqZk86k LVAyI8eUkYFbkAaO56fFRWg5Cqdpb3PjoR1V/aPJpS13PKXC9EENBLYRkSoz8BzO ef3qgulBSciW6AVSDzKXLMZpXs7hKWliTmi2Izumg8L6Hjhneco= =dAqV -----END PGP SIGNATURE-----