1. Forum
  2. Usenet
  3. LINUX.DEBIAN.CHANGES.DEVE

  • Accepted git 1:2.50.1-0.1 (source) into unstable

    From Debian FTP Masters@21:1/5 to All on Thu Jul 31 01:40:01 2025
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    Format: 1.8
    Date: Tue, 29 Jul 2025 20:54:28 +0300
    Source: git
    Architecture: source
    Version: 1:2.50.1-0.1
    Distribution: unstable
    Urgency: medium
    Maintainer: Jonathan Nieder <[email protected]>
    Changed-By: Adrian Bunk <[email protected]>
    Closes: 1108983
    Changes:
    git (1:2.50.1-0.1) unstable; urgency=medium
    .
    * Non-maintainer upload.
    * New upstream release.
    - CVE-2025-27613: gitk: file creation/truncation after cloning
    untrusted repository
    - CVE-2025-27614: gitk: user can be tricked into running any
    script after cloning untrusted repository
    - CVE-2025-46835: git-gui: file creation/overwriting after
    cloning untrusted repository
    - CVE-2025-48384: script execution after cloning untrusted
    repository
    - CVE-2025-48385: protocol injection when fetching
    - Closes: #1108983
    Checksums-Sha1:
    b505838c95886bd3a4afe258830291a4225a565a 2676 git_2.50.1-0.1.dsc
    54416ce0aee97292caaf89ec8fb313c1ea825c2f 7880972 git_2.50.1.orig.tar.xz
    008af8c413400e3837805fdb4d2987d1c34fac84 811604 git_2.50.1-0.1.debian.tar.xz Checksums-Sha256:
    924b0830bb42a17e36770fbff890a56ce990e3e55eab1672e0823669c4ce35e8 2676 git_2.50.1-0.1.dsc
    7e3e6c36decbd8f1eedd14d42db6674be03671c2204864befa2a41756c5c8fc4 7880972 git_2.50.1.orig.tar.xz
    66bd1e928719ce7c84c5eaee180c90da41df0e7c42ffb1c4a150319b501b3a1b 811604 git_2.50.1-0.1.debian.tar.xz
    Files:
    9ea8eb4ac51608880884f2679124eafb 2676 vcs optional git_2.50.1-0.1.dsc
    2cb96fae126d66f8ff23a68f8dd5d748 7880972 vcs optional git_2.50.1.orig.tar.xz
    8a5c90661d193c6ba35b0cd41b8e9a81 811604 vcs optional git_2.50.1-0.1.debian.tar.xz

    -----BEGIN PGP SIGNATURE-----

    iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmiJUxEACgkQiNJCh6LY mLHl+g/+MIoeTTJd2wq2hDXjV/ya11VD7+tP3JKJu7J1K+VDxKMtd7jMt9zFEeTP yvnJJhkztWedoMXvwdHSU16OyjkPMCb9g8siPsvuFeL+DFRaHzaaqccXsF58egQR Em4qV2UTxNihtyPELThD0heMySv9PqYXgT2DRHBf8AYZIF49n/shOqwWg93VJrPs IeWP/HwkxWiZILcgUxdvUHzUM72wPJHdeHVJ3bYpP4dGSWtRgAWO1a/5y/rKiLv+ IPcJWN6vwFairrz80XJ+JpDs7Nd6WRSC/QgaAuBEvG6W0CNJ4exBDBrbOZ1rSuvq 5f/Cirn/83Hvyg+WnbaxIzULhG6hMLP8s8qWy6hXyGPDRK62zQhStRwMfb5jbKl5 X/4fbBU2Wtbrvkf9YEVmmrnL0+STxNOMAHDRXesKvmIsHh6Gm9hsEr13YPKhHBKM RZBJbZXUdJwbXCKlyfc5XQc9AwM42BDZ+dvDGNbi/C/Y1Cnah6i+ZlBKY5ARousW dmnNRsNg7pKgpAW+LHQ+faJJ0O9cpgmd8o7G3ALWxktzrENTUmLiBP45uuGJJm/7 VjebNCGhC+zXqwPwSfWnYAy2/qESEVZ2vn0JOPBBnA2Y6sdQg3bAkr7suwvLUnpu TGv701LZeFYqElFXilTxa73YIXt80wKsmiMZAC2AD2ID6ZXw1I4=
    =BpgQ
    -----END PGP SIGNATURE-----


    --==============f69455369874591352=Content-Type: application/pgp-signature

    -----BEGIN PGP SIGNATURE-----

    iHUEABYIAB0WIQTziqJOuF8J+ZI8pJSb9qggYcy5IQUCaIqsKgAKCRCb9qggYcy5 ISQ9AP4rgyYzJjNpxL5f5bYtQhui/8WYPY72nYh9kUSADXpyKgEA0W/xiSQGvhSy 4llxNsZyTDUVs6fk6iPowen8TPVyAQ0=klQm
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)