UbuntuUpdates.org

Package "git"

Name: git

Description:

fast, scalable, distributed revision control system

Latest version: 1:2.25.1-1ubuntu3.13
Release: focal (20.04)
Level: security
Repository: main
Homepage: https://git-scm.com/

Links


Download "git"


Other versions of "git" in Focal

Repository Area Version
base main 1:2.25.1-1ubuntu3
base universe 1:2.25.1-1ubuntu3
security universe 1:2.25.1-1ubuntu3.13
updates universe 1:2.25.1-1ubuntu3.13
updates main 1:2.25.1-1ubuntu3.13

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 1:2.25.1-1ubuntu3.7 2023-01-17 20:07:35 UTC

  git (1:2.25.1-1ubuntu3.7) focal-security; urgency=medium

  * SECURITY UPDATE: Integer overflow
    - debian/patches/CVE_2022_23521_and_41903/00*.patch:
      attr.c, attr.h, pretty.c, column.c, utf8.c, utf8.h,
      t/t4205-log-pretty-formats.sh, t/test-lib.sh, git-compat-util.h,
      t/t0003-attributes.sh.
    - CVE-2022-23521
    - CVE-2022-41903

 -- Leonidas Da Silva Barbosa <email address hidden> Thu, 12 Jan 2023 09:56:29 -0300

Source diff to previous version

Version: 1:2.25.1-1ubuntu3.6 2022-10-18 20:07:32 UTC

  git (1:2.25.1-1ubuntu3.6) focal-security; urgency=medium

  * SECURITY UPDATE: Unexpected behavior
    - debian/patches/CVE-2022-39253-*.patch: disallow --local
      clones with symlinks and additionally changed the
      protocol.file.allow to be user by default in
      builtin/clone.c, transport.c, and modified tests in
      t/t5604-clone-reference.sh,
      lib-submodule-update.sh, t/t1091-sparse-checkout-builtin.sh,
      t/t1500-rev-parse.sh, t/t2400-worktree-add.sh,
      t/t2403-worktree-move.sh, t/t2405-worktree-submodule.sh,
      t/t3200-branch.sh, t/t3420-rebase-autostash.sh,
      t/t3426-rebase-submodule.sh, t/t3512-cherry-pick-submodule.sh,
      t/t3600-rm.sh, t/t3906-stash-submodule.sh,
      t/t4059-diff-submodule-not-initialized.sh,
      t/t4060-diff-submodule-option-diff-format.sh,
      t/t4067-diff-partial-clone.sh,
      t/t4208-log-magic-pathspec.sh, t/t5510-fetch.sh,
      t/t5526-fetch-submodules.sh, t/t5545-push-options.sh,
      t/t5572-pull-submodule.sh, t/t5601-clone.sh,
      t/t5614-clone-submodules-shallow.sh, t/t5616-partial-clone.sh,
      t/t5617-clone-submodules-remote.sh, t/t6008-rev-list-submodule.sh,
      t/t6134-pathspec-in-submodule.sh,
      t/t7001-mv.sh, t/t7064-wtstatus-pv2.sh,
      t/t7300-clean.sh, t/t7400-submodule-basic.sh,
      t/t7403-submodule-sync.sh, t/t7406-submodule-update.sh,
      t/t7407-submodule-foreach.sh, t/t7408-submodule-reference.sh,
      t/t7409-submodule-detached-work-tree.sh, t/t7411-submodule-config.sh,
      t/t7413-submodule-is-active.sh, t/t7414-submodule-mistakes.sh,
      t/t7415-submodule-names.sh, t/t7416-submodule-dash-url.sh,
      t/t7417-submodule-path-url.sh, t/t7418-submodule-sparse-gitmodules.sh,
      t/t7419-submodule-set-branch.sh, t/t7420-submodule-set-url.sh,
      t/t7421-submodule-summary-add.sh, t/t7506-status-submodule.sh,
      t/t7507-commit-verbose.sh, t/t7800-difftool.sh,
      t/t7814-grep-recurse-submodules.sh, t/t9304-fast-import-marks.sh,
      t/t9350-fast-export.sh, t/t1092-sparse-checkout-compatibility.sh,
      t/t2080-parallel-checkout-basics.sh, t/t7450-bad-git-dotfiles.sh.
    - CVE-2022-39253
  * SECURITY UPDATE: Arbitrary heap writes
    - debian/patches/CVE-2022-39260-*.patch: limit size of interactive
      commands and reject too-long cmdline strings in split cmdline()
      in shell.c, t/t9850-shell.sh, alias.c.
    - CVE-2022-39260

 -- Leonidas Da Silva Barbosa <email address hidden> Thu, 13 Oct 2022 13:36:40 -0300

Source diff to previous version

Version: 1:2.25.1-1ubuntu3.5 2022-07-13 13:07:20 UTC

  git (1:2.25.1-1ubuntu3.5) focal-security; urgency=medium

  * SECURITY UPDATE: Potential arbitrary code execution
    - debian/patches/CVE-2022-29187-1.patch: adds test to
      regression git needs safe.directory when using sudo in
      t/t0034-root-safe-directory.sh.
    - debian/patches/CVE-2022-29187-2.patch: avoid failing dir ownership
      checks if running privileged in git-compat-util.h,
      t/t0034-root-safe-directory.sh.
    - debian/patches/CVE-2022-29187-3.patch: add negative tests
      and allow git init to mostly work under sudo in
      t/lib-sudo.sh b/t/lib-sudo.sh.
    - debian/patches/CVE-2022-29187-4.patch: allow root
      to access both SUDO_UID and root owned in git-compat-util.h,
      t/t0034-root-safe-directory.sh.
    - debian/patches/CVE-2022-29187-5.patch: add tests for safe.directory
      in t/t0033-safe-directory.sh, setup.c.
    - debian/patches/CVE-2022-29187-6.patch: tighten ownership checks
      post CVE-2022-24765 in setup.c.
    - CVE-2022-29187

 -- Leonidas Da Silva Barbosa <email address hidden> Tue, 05 Jul 2022 12:13:30 -0300

Source diff to previous version
CVE-2022-29187 Git is a distributed revision control system. Git prior to versions 2. ...
CVE-2022-24765 Git for Windows is a fork of Git containing Windows-specific patches. ...

Version: 1:2.25.1-1ubuntu3.4 2022-04-26 16:06:25 UTC

  git (1:2.25.1-1ubuntu3.4) focal-security; urgency=medium

  * SECURITY REGRESSION: Previous update was incomplete causing regressions
    and not correctly fixing the issue.
    - debian/patches/CVE-2022-24765-5.patch: fix safe.directory
      key not being checked in setup.c.
    - debian/patches/CVE-2022-24765-6.patch:
      opt-out of check with safe.directory=* in setup.c. (LP: #1970260)

 -- Leonidas Da Silva Barbosa <email address hidden> Mon, 25 Apr 2022 20:21:34 -0300

Source diff to previous version
CVE-2022-24765 Git for Windows is a fork of Git containing Windows-specific patches. ...

Version: 1:2.25.1-1ubuntu3.3 2022-04-12 20:06:24 UTC

  git (1:2.25.1-1ubuntu3.3) focal-security; urgency=medium

  * SECURITY UPDATE: Run commands in diff users
    - debian/patches/CVE-2022-24765-*.patch: fix GIT_CEILING_DIRECTORIES; add
      an owner check for the top-level-directory; add a function to
      determine whether a path is owned by the current user in patch.c,
      t/t0060-path-utils.sh, setup.c, compat/mingw.c, compat/mingw.h,
      git-compat-util.h.
    - CVE-2022-24765

 -- Leonidas Da Silva Barbosa <email address hidden> Fri, 08 Apr 2022 09:57:16 -0300

CVE-2022-24765 Git for Windows is a fork of Git containing Windows-specific patches. ...



About   -   Send Feedback to @ubuntu_updates