-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 26 Jan 2023 22:59:15 +0800 Source: git Binary: git git-dbgsym Architecture: s390x Version: 1:2.30.2-1+deb11u1 Distribution: bullseye-security Urgency: high Maintainer: s390x Build Daemon (zandonai) Changed-By: Aron Xu Description: git - fast, scalable, distributed revision control system Changes: git (1:2.30.2-1+deb11u1) bullseye-security; urgency=high . * Non-maintainer upload by the Security Team. * CVE-2022-23521: multiple integer overflows while parsing gitattributes * CVE-2022-24765: owner check for the top-level directory to avoid discovering a repository in a directory that is owned by someone other than the current user, which may lead to arbitary command execution * CVE-2022-29187: code execution and privilege escalation when the repository directory and gitdir have different ownership * CVE-2022-39253: exposure of sensitive information while performing local clone from malicious repository * CVE-2022-39260: integer overflow and out-of-bouns array reads/writes in git shell's command line input processing * CVE-2022-41903: integer overflow in commit formatting machinery Checksums-Sha1: 1a9a1b67485b358afcacea149db34318fb6fc4af 33550064 git-dbgsym_2.30.2-1+deb11u1_s390x.deb ed7bf720f23018bb029f816c7553c183264520f5 8465 git_2.30.2-1+deb11u1_s390x-buildd.buildinfo d18dd1bbdc3843750280975b16b3d90f5b290250 5177308 git_2.30.2-1+deb11u1_s390x.deb Checksums-Sha256: 2f0e587c7656339bf7d29379bb7e87951b61d6e02c33f6b39238f7adb7316b03 33550064 git-dbgsym_2.30.2-1+deb11u1_s390x.deb 825d31cefdabb23d293980ba4ca79070d4e18ab095529c70253bbbe98eb2dd97 8465 git_2.30.2-1+deb11u1_s390x-buildd.buildinfo 151a833ce7c6c540109ef79e98e9890812788f6ebf4228eb6d7b9bbc47fb83c5 5177308 git_2.30.2-1+deb11u1_s390x.deb Files: c8fe88277a91df595dd46e319f187d8a 33550064 debug optional git-dbgsym_2.30.2-1+deb11u1_s390x.deb d9636d6eaac9b82e7e50662502788222 8465 vcs optional git_2.30.2-1+deb11u1_s390x-buildd.buildinfo 8c63967120912f49cb6f1a689c0e4339 5177308 vcs optional git_2.30.2-1+deb11u1_s390x.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEhBjA3afmaHyzk51IFQ1EGN3xM6QFAmPWFcgACgkQFQ1EGN3x M6SO0g//fKxtdkpw5SXGrMdVVfP5fOcgeK2Iqa6NWBRmpDzvzW+h4snJszm6C51W 8E5TcbbUr489wHdj43J3igaAxen446I9US7DYLVvg0quonA5YIomRTyLuqzJ37Ec DM/T4vjFQGFhPPNu1RIwYKb4uMd4On4Gfhq3k8sdetB11LwwkXjLhIhgjeHRUdwJ O1gJQ6SmhOWm7Q3bUvZglMpxD8yjTOYz7MDg47ilTY0dg/VBLmjmqRhUnGLdnLWA yqQnOBv0epPs93e3gDRU5JRwPfAtAZQ7Wiz0wbVmh2mI3Wf8v8DY4nAY8DBt4z/h SK+3aAKDxNEvTFrECCRY2U4u8bkBwVWPovAQxNznQ/44MtWw0L2cJUTNIJ1zMtGT jdMdEPr5WiAMapSdiE/BOGOsekujD1slc5izUXRz2waw7ZqazJJ8dt5XLPPCua92 IMABUIUSbFmFDY4m8T96iwRmzuit/P9feHjSWIpuZvW8stTfsygF1vDTCSwJ76j8 yURyezThnvlCTuB724oKD6+cW1wigKEF2u7vq03iewVHgI/tcmx7uyFZ7kYTKxvR NokSfIaeM0F+PY1E6w9NsKOniWStH6tBOv7HPqrQ+qINZsNJkQbJ0mbMS+/QFARp GPecUHOVwxjim7/LXHP9tFDTai3TZPJPma2fS+xNGL7RD9g/Gtk= =0I3a -----END PGP SIGNATURE-----