-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 26 Jan 2023 22:59:15 +0800 Source: git Binary: git git-dbgsym Architecture: ppc64el Version: 1:2.30.2-1+deb11u1 Distribution: bullseye-security Urgency: high Maintainer: ppc64el Build Daemon (ppc64el-osuosl-01) Changed-By: Aron Xu Description: git - fast, scalable, distributed revision control system Changes: git (1:2.30.2-1+deb11u1) bullseye-security; urgency=high . * Non-maintainer upload by the Security Team. * CVE-2022-23521: multiple integer overflows while parsing gitattributes * CVE-2022-24765: owner check for the top-level directory to avoid discovering a repository in a directory that is owned by someone other than the current user, which may lead to arbitary command execution * CVE-2022-29187: code execution and privilege escalation when the repository directory and gitdir have different ownership * CVE-2022-39253: exposure of sensitive information while performing local clone from malicious repository * CVE-2022-39260: integer overflow and out-of-bouns array reads/writes in git shell's command line input processing * CVE-2022-41903: integer overflow in commit formatting machinery Checksums-Sha1: 3e4981fa8d14f2c1aa62cb0349b356488b575917 33733760 git-dbgsym_2.30.2-1+deb11u1_ppc64el.deb 4bafc9c85c53a1c94b1f16b20cdf83a269e556dc 8563 git_2.30.2-1+deb11u1_ppc64el-buildd.buildinfo 0d5f7b9ee686e260c01b0b9218c37b05f97319a4 6432748 git_2.30.2-1+deb11u1_ppc64el.deb Checksums-Sha256: 804d101dde3f2d15c4ef75fa28733232dbd48f95350db0ea7a91f6addf2575ff 33733760 git-dbgsym_2.30.2-1+deb11u1_ppc64el.deb 98b34eadbea11de82dbb3cbcf8c689025ecfadbb485904ae880465fa10d969b0 8563 git_2.30.2-1+deb11u1_ppc64el-buildd.buildinfo d368b37dc7dabd1f2b84e70a3f862d74da808b243e8d03ba5a9be71bb41a2546 6432748 git_2.30.2-1+deb11u1_ppc64el.deb Files: d65d6231979ef935b7c9fd8518b3356c 33733760 debug optional git-dbgsym_2.30.2-1+deb11u1_ppc64el.deb 4b05a9f9c1b44ddbe1c4fad97a1cee6c 8563 vcs optional git_2.30.2-1+deb11u1_ppc64el-buildd.buildinfo 9d21a85c32c024d8d9a02e0ac759b96a 6432748 vcs optional git_2.30.2-1+deb11u1_ppc64el.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEG6HwUrz8cgTg6xaPZnETzaamDSwFAmPWWBkACgkQZnETzaam DSz7zA//VU10cRvx4pMpWoojvrvG79i1F73ehUtpEng/Q+o2G5kUVXLoRSLEnIfT ukafMBKvv8EQ8Ni8nPKCMKSc14PEKHcrgJ5+z/21hkWvJDsuFhmSvgRAmOzcm+j9 RjaoXpQfqDzwvoGm2MQ3uooXEX2aWfNtvq+Hhqu2kT6aUYFEERK4nHirXM2MnHQP MihU3xYsLpp4r2Z2KctBadMsBqpCEI4NBeB2lZdibTX2j+Z9Aa/zVifLYc3nimgj sy9amra1DWZcpyIPAR2C7vWzZhPdYjRuzTTQN0g9zMHcRohib4HmTnLaMcq80eT5 NBEK7VYykOElzDylazb76NKf1Ipj05tdayF1aTUlBbm3nkb3yp/IaxPK73yky90B e3LDIMatinW+mjWpDx4WuqGl8MbKMxj8sTAt10+YDk45Z33i54G2FgYl8rFuOZpj uL/WhN0saEXVTfFIWKxHdpi1u95mYNAgNngbVF34LCFO6j9RpUolN4OiTcFTRRdM Xw0lIqfJiWd0ovmSfgMTFzgAgc9V/IBeFl/TZh8NU8GG0llA3XLiT3/18sL+r9gl B67/tZDufCk9hp+4H2M7v+lTSU8uT9UWNCdk+b7dFGnDDk+fU70eGEo8B/R9Mgc3 /yhpepIu6GUxTApu1O1llcDOjAVKZC/edhQ9XJ3KSIBhafWbxxg= =a7xI -----END PGP SIGNATURE-----