Accepted git 1:2.39.1-0.1~bpo11+1 (source) into bullseye-backports

To: debian-backports-changes@lists.debian.org
Subject: Accepted git 1:2.39.1-0.1~bpo11+1 (source) into bullseye-backports
From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
Date: Mon, 30 Jan 2023 22:08:08 +0000
Message-id: <[🔎] E1pMcJs-00GKWD-8L@fasolo.debian.org>
Mail-followup-to: debian-backports@lists.debian.org
Reply-to: debian-backports@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sun, 29 Jan 2023 15:46:13 +0100
Source: git
Architecture: source
Version: 1:2.39.1-0.1~bpo11+1
Distribution: bullseye-backports
Urgency: medium
Maintainer: Jonathan Nieder <jrnieder@gmail.com>
Changed-By: Sven Hoexter <hoexter@debian.org>
Closes: 1010720 1016723 1022046 1029114
Changes:
 git (1:2.39.1-0.1~bpo11+1) bullseye-backports; urgency=medium
 .
   * Rebuild for bullseye-backports.
 .
 git (1:2.39.1-0.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * New upstream stable release (Closes: #1029114)
     Fixes CVE-2022-23521 and CVE-2022-41903.
 .
 git (1:2.39.0-1) unstable; urgency=low
 .
   * new upstream release (see RelNotes/2.39.0.txt).
 .
 git (1:2.38.1-1) unstable; urgency=medium
 .
   * new upstream release (closes: #1022046; see RelNotes/2.38.0.txt,
     RelNotes/2.38.1.txt).
     * Addresses the security issue CVE-2022-39253: cloning an
       attacker-controlled local repository could store arbitrary files
       in the ".git" directory of the destination repository.
 .
       Thanks to Cory Snider of Mirantis for reporting this
       vulnerability and Taylor Blau for the mitigation.
 .
     * Addresses CVE-2022-39260: a long command string passed to a `git
       shell` configured to support custom commands could overflow and
       run arbitrary code.
 .
       Thanks to Kevin Backhouse of GitHub for reporting this
       vulnerability and Kevin Backhouse, Jeff King, and Taylor Blau
       for mitigating it.
 .
 git (1:2.37.2-1) unstable; urgency=low
 .
   * new upstream release (closes: #1016723; see RelNotes/2.37.0.txt,
     RelNotes/2.37.1.txt, RelNotes/2.37.2.txt).
 .
 git (1:2.36.1-1) unstable; urgency=low
 .
   * new upstream point release (closes: #1010720; see
     RelNotes/2.36.1.txt).
 .
 git (1:2.36.0-1) unstable; urgency=low
 .
   * new upstream release (see RelNotes/2.36.0.txt).
 .
 git (1:2.35.2-1) unstable; urgency=medium
 .
   * new upstream point release (see RelNotes/2.35.2.txt).
     * Addresses the security issue CVE-2022-24765: Git users might
       have found themselves unexpectedly in a Git worktree, e.g. when
       another user created a repository in `/tmp/.git`, in a mounted
       network drive or in a scratch space. Having a Git-aware prompt
       that runs `git status` (or `git diff`) and navigating to a
       directory which is supposedly not a Git worktree, or opening
       such a directory in an IDE with Git support such as VS Code,
       could then run commands specified by that other user.
 .
       Thanks to 俞晨东 for discovering this vulnerability and
       Johannes Schindelin for the mitigation.
 .
 git (1:2.35.1-1) unstable; urgency=low
 .
   * new upstream release (see RelNotes/2.35.0.txt, RelNotes/2.35.1.txt).
Checksums-Sha1:
 03f00dcb5517bdab330e461de126dc3c4f4e5091 2836 git_2.39.1-0.1~bpo11+1.dsc
 13b1c55adecc45d75bfb82ad939362fa34f4bc49 739404 git_2.39.1-0.1~bpo11+1.debian.tar.xz
 9c27c85d64d299a398a328d3434e3100d801b369 12575 git_2.39.1-0.1~bpo11+1_amd64.buildinfo
Checksums-Sha256:
 cdfa2157b54e4fab64e7f48a75b2b287318a122b3a4a7da69547a29c0c7e6f98 2836 git_2.39.1-0.1~bpo11+1.dsc
 1b93bf40b6952c5b600703324c803105e5d3340c54127cb04e59444d8088e6b9 739404 git_2.39.1-0.1~bpo11+1.debian.tar.xz
 daecad366153cdd3c27c1b88bc5691036feb8f3bec775baf38f93ad449f01f18 12575 git_2.39.1-0.1~bpo11+1_amd64.buildinfo
Files:
 d15bd34a160bfcde8db54ead14a72f73 2836 vcs optional git_2.39.1-0.1~bpo11+1.dsc
 0eed28cfaadecdbd6e98f47b42f4034f 739404 vcs optional git_2.39.1-0.1~bpo11+1.debian.tar.xz
 b64ffe347a9e8457fa869ceb9d757bb3 12575 vcs optional git_2.39.1-0.1~bpo11+1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEfAcX+forK514ixQbptwk2dokk9EFAmPWjawACgkQptwk2dok
k9GJrA//ZMLezF4l4AcVHpG+Rqdtrf+3+UqWZhlOXqJfjhJO1kmo1tWbPpLrbmdE
lPKwNOk8nKyxavdeC5c/J4HT1EyGya/JO/NU68chgoRtigCTuo/oTC1DUHcZ/JOT
jIyRo1f06ma32qtjxYfSRbNmpCNDsivvjw8B2Ty/hR2OfEyVP3C0uFJOuoVQa3At
D5tiTZM8ymCbM+laXlbpl5Yv11TZy2fvg9+PRETTNyfOLNjOhKiMNAHHmA0GO1+J
qkos63Ob1Q0mvjHqrHKu92/kd0YbQHHYD3flL+Sfm1jH5yyugJIlfCM8a7FCzKsW
hqLs0I/3YQVwdBhTalIEYb7uQzQOGWH7nECqm9k2zujiJyjuU5Jrjy90gTnlqTdE
M9Aj8PNFXkjaPxipBiM+FmBbuXz9H2WHQkrO/oFUEyxrLs7FFIUx3uCjOrghTHnd
xcgUq6+hjMnajNAdqk1KW5bx78upoWOWwGtJTMn8+rb5pxXEmDinB5+NHfnRthWa
nUii86WUqULgKdnW1r4vjBTknygaREMBpNsJWh6tDPA8HDBSkRE/dBa07dGnbAT+
BKVtYs5VJ1SWLMkE5LCXV4TMqYWjA5Z4sYX9tns/AcfLv1hggBCFRlvHxxVH138F
4kmJr91mHM8syOUmeqBVHb26FTKqb/wtjzwfD1+GVCOvfqDSCpU=
=vXD8
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: Accepted golang-1.19 1.19.5-1~bpo11+1 (source) into bullseye-backports
Next by Date: Accepted elementary-icon-theme 7.2.0-1~bpo11+1 (source) into bullseye-backports
Previous by thread: Accepted golang-1.19 1.19.5-1~bpo11+1 (source) into bullseye-backports
Next by thread: Accepted elementary-icon-theme 7.2.0-1~bpo11+1 (source) into bullseye-backports
Index(es):
- Date
- Thread