Package "git-el"
  
    
    
| Name: | git-el |
| Description: | fast, scalable, distributed revision control system (emacs support) |
| Latest version: | 1:2.25.1-1ubuntu3.14 |
| Release: | focal (20.04) |
| Level: | updates |
| Repository: | universe |
| Head package: | git |
| Homepage: | https://git-scm.com/ |
 
Changelog
    
    
    
        
        
    
    
git (1:2.25.1-1ubuntu3.14) focal-security; urgency=medium

  * SECURITY UPDATE: insufficient credential prompt sanitization
    - debian/patches/CVE-2024-50349-1.patch: add credential_format() and
      strbuf_add_percentencode() in credential.c, strbuf.c, strbuf.h.
    - debian/patches/CVE-2024-50349-2.patch: sanitize the user prompt in
      credential.c, credential.h, t/t0300-credentials.sh,
      t/t5541-http-push-smart.sh, t/t5550-http-fetch-dumb.sh,
      t/t5551-http-fetch-smart.sh.
    - CVE-2024-50349
  * SECURITY UPDATE: incorrect use of carriage returns as new lines
    - debian/patches/CVE-2024-52006.patch: disallow carriage returns in the
      protocol by default in credential.c, credential.h,
      t/t0300-credentials.sh.
    - CVE-2024-52006

 -- Marc Deslauriers <email address hidden>  Wed, 26 Feb 2025 12:43:37 -0500
    
| CVE-2024-50349 | Git is a fast, scalable, distributed revision control system with an u ... |
| CVE-2024-52006 | Git is a fast, scalable, distributed revision control system with an u ... |
    
git (1:2.25.1-1ubuntu3.13) focal-security; urgency=medium

  * SECURITY UPDATE: Facilitation of arbitrary code execution
    - debian/patches/CVE-2024-32002.patch: submodule paths
      must not contain symlinks in builtin/submodule--helper.c.
    - CVE-2024-32002

 -- Marc Deslauriers <email address hidden>  Thu, 13 Jun 2024 12:56:11 -0400
    
| CVE-2024-32002 | Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be c |
    
git (1:2.25.1-1ubuntu3.12) focal-security; urgency=medium

  * SECURITY UPDATE: Arbitrary code execution
    - debian/patches/CVE-2024-32004.patch: detect dubious ownership of
      local repositories in path.c, setup.c, setup.h.
    - CVE-2024-32004
  * SECURITY UPDATE: Overwrite of possible malicious hardlink
    - debian/patches/CVE-2024-32020.patch: refuse clones of unsafe
      repositories in builtin/clone.c, t0033-safe-directory.sh.
    - CVE-2024-32020
  * SECURITY UPDATE: Unauthenticated attacker to place a repository
    on their target's local system that contains symlinks
    - debian/patches/CVE-2024-32021.patch: abort when hardlinked source and
      target file differ in builtin/clone.c
    - CVE-2024-32021
  * SECURITY UPDATE: Arbitrary code execution
    - debian/patches/CVE-2024-32465.patch: disable lazy-fetching by default
      in builtin/upload-pack.c, promisor-remote.c
    - CVE-2024-32465

 -- Leonidas Da Silva Barbosa <email address hidden>  Wed, 22 May 2024 11:58:06 -0300
    
| CVE-2024-32004 | Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, an attacker can prepare a local repos |
| CVE-2024-32020 | Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, local clones may end up hardlinking f |
| CVE-2024-32021 | Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, when cloning a local source repositor |
| CVE-2024-32465 | Git is a revision control system. The Git project recommends to avoid working in untrusted repositories, and instead to clone it first with `git clon |
    
git (1:2.25.1-1ubuntu3.11) focal-security; urgency=medium

  * SECURITY UPDATE: Overwriting path
    - debian/patches/CVE-2023_25652_25815_29007/0022-*.patch: apply
      --reject overwriting existing .rej symlink if it exists in apply.c,
      t/t4115-apply-symlink.sh.
    - CVE-2023-25652
  * SECURITY UPDATE: Malicious placement of crafted messages
    - debian/patches/CVE-2023_25652_25815_29007/0024-*patch:
      avoid using gettext if the locale dir is not present in
      gettext.c.
    - CVE-2023-25815
  * SECURITY UPDATE: Arbitrary configuration injection
    - debian/patches/CVE-2023_25652_25815_29007/0025-*.patch: avoid
      fixed-sized buffer when renaming/deleting a section in config.c,
      t/t1300-config.sh.
    - debian/patches/CVE-2023_25652_25815_29007/0026-*.patch: avoid
      integer truncation in copy_or_rename_section_in_file() in config.c.
    - debian/patches/CVE-2023_25652_25815_29007/0027-*.patch: disallow
      overly-long lines in copy_or_rename_section_in_file in config.c.
    - CVE-2023-29007

 -- Leonidas Da Silva Barbosa <email address hidden>  Wed, 26 Apr 2023 09:52:23 -0300
    
| CVE-2023-25652 | Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, by fe |
| CVE-2023-29007 | Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, a spe |
    
git (1:2.25.1-1ubuntu3.10) focal-security; urgency=medium

  * SECURITY UPDATE: Overwritten path and using
    local clone optimization even when using a non-local transport
    - debian/patches/CVE_2023-22490_and_23946/0002-*.patch: adjust
      a mismatch data type in attr.c.
    - debian/patches/CVE_2023-22490_and_23946/0003-*.patch: demonstrate
      clone_local() with ambiguous transport in
      t/t5619-clone-local-ambiguous-transport.sh.
    - debian/patches/CVE_2023-22490_and_23946/0004-*.patch: delay
      picking a transport until after get_repo_path() in builtin/clone.c.
    - debian/patches/CVE_2023-22490_and_23946/0005-*.patch: prevent top-level
      symlinks without FOLLOW_SYMLINKS in dir-iterator, dir-iterator.h,
      t/t0066-dir-iterator.sh, t/t5604-clone-reference.sh.
    - debian/patches/CVE_2023-22490_and_23946/0006-*.patch: fix writing behind
      newly created symbolic links in apply.c, t/t4115-apply-symlink.sh.
    - CVE-2023-22490
    - CVE-2023-23946

 -- Leonidas Da Silva Barbosa <email address hidden>  Wed, 08 Feb 2023 11:21:13 -0300
    
    
    
    
        
        
        