-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 26 Jan 2023 22:59:15 +0800 Source: git Binary: git git-dbgsym Architecture: mipsel Version: 1:2.30.2-1+deb11u1 Distribution: bullseye-security Urgency: high Maintainer: mipsel Build Daemon (mipsel-osuosl-05) Changed-By: Aron Xu Description: git - fast, scalable, distributed revision control system Changes: git (1:2.30.2-1+deb11u1) bullseye-security; urgency=high . * Non-maintainer upload by the Security Team. * CVE-2022-23521: multiple integer overflows while parsing gitattributes * CVE-2022-24765: owner check for the top-level directory to avoid discovering a repository in a directory that is owned by someone other than the current user, which may lead to arbitary command execution * CVE-2022-29187: code execution and privilege escalation when the repository directory and gitdir have different ownership * CVE-2022-39253: exposure of sensitive information while performing local clone from malicious repository * CVE-2022-39260: integer overflow and out-of-bouns array reads/writes in git shell's command line input processing * CVE-2022-41903: integer overflow in commit formatting machinery Checksums-Sha1: f94ee38c466c6724fa7df948a703d952b1a25eac 32753800 git-dbgsym_2.30.2-1+deb11u1_mipsel.deb dab619a93094b6b36a09c5ba8c5882826611c625 8402 git_2.30.2-1+deb11u1_mipsel-buildd.buildinfo 0b956c2192d5de44987847b020127bf00e16e8b6 5778880 git_2.30.2-1+deb11u1_mipsel.deb Checksums-Sha256: b4efb8e23f90b46ef2d0519ff92b3090a3332acc57718dca16681861f1457dae 32753800 git-dbgsym_2.30.2-1+deb11u1_mipsel.deb 18cb83f9547111ef07cc54d9d80d3290844310e417a15e09fb2e320742c692fb 8402 git_2.30.2-1+deb11u1_mipsel-buildd.buildinfo c895e1307bae6abd4d25712fc18b4fb912b79e923cb43439f7c21447138740c6 5778880 git_2.30.2-1+deb11u1_mipsel.deb Files: a61a08f85ff6fbed08a2b2254c966dca 32753800 debug optional git-dbgsym_2.30.2-1+deb11u1_mipsel.deb 03414c2aefac4b9adaad247ce08568d6 8402 vcs optional git_2.30.2-1+deb11u1_mipsel-buildd.buildinfo 0178e0f2be9f02d07a5a4c9ce5b4ce9d 5778880 vcs optional git_2.30.2-1+deb11u1_mipsel.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEB/LZjIxKoy4YPfehZlR40KOuoLkFAmPWGdUACgkQZlR40KOu oLkJFQ//SKh00XFYNwOV3f5Jzr9SyyvdKXCxtEVUxhJfMcw+hrAQ3co1e9lWzrjI AWQ3sdMl5eFA4OTqG1G359qdxTcgRelN5NzgZczcLJaK71bLQryBYuuYBxr7V9tm 8kZo/Vr/Pk6dkKhbeNvdfUuP6OLHB2sGua6hax6aTDL8uk57xj2yePe7zhzAQIE2 FgigMYXodDS7FF1SgC9vUpW8qjkKOMKXHlgAOTKa0M2tCYqf4wsMFn/+MfSxlg6+ fKD6Ho0NGNh5lYrbIwd2pl9A+x4T2n0+XiR4MMSLmkl++tbCBNzxJzCUd/wVnHpJ sZL09xkm2CtIxBx+sHuy7D9wYbkB17sdPiRnNJx8w123TNRXgF/ddC+YMFMpkx5Z PNKrvlbQ6I7+SoH37FDgTX7gGE1O+iZ7yCsbw5YOzdAnZ6XrGBZGIMsz5HvuJV+a Hz3RZPr8PSPVL2opAcmsrTCwE39TQUM4kvjBQXQRMyBkPLzLw3EALMutsHJNn/9A /CFzL5y6ffFHtrzO51CjrfPTsAUfYtvE+vABkPrhUWlLcBZjWp+rcHn1+qp598RD zamggCOXhMMSQ5Cn+YByUQTcufOc3q6Zi3W2CNcUEJa+WuLr2AGVJSh3YiMOdvDq UYYGZvWutQVxLMaRlujW4Z+MVIpy9lPiWqnTVQi05i56en6nJI4= =BvSY -----END PGP SIGNATURE-----