UbuntuUpdates.org

Package "git-daemon-sysvinit"

Name: git-daemon-sysvinit

Description:

fast, scalable, distributed revision control system (git-daemon service)

Latest version: 1:2.34.1-1ubuntu1.11
Release: jammy (22.04)
Level: security
Repository: universe
Head package: git
Homepage: https://git-scm.com/

Links


Download "git-daemon-sysvinit"


Other versions of "git-daemon-sysvinit" in Jammy

Repository Area Version
base universe 1:2.34.1-1ubuntu1
updates universe 1:2.34.1-1ubuntu1.11

Changelog

Version: 1:2.34.1-1ubuntu1.4 2022-07-13 20:07:28 UTC

  git (1:2.34.1-1ubuntu1.4) jammy-security; urgency=medium

  * SECURITY UPDATE: Potential arbitrary code execution
    - debian/patches/CVE-2022-29187-1.patch: adds test to
      regression git needs safe.directory when using sudo in
      t/t0034-root-safe-directory.sh.
    - debian/patches/CVE-2022-29187-2.patch: avoid failing dir ownership
      checks if running privileged in git-compat-util.h,
      t/t0034-root-safe-directory.sh.
    - debian/patches/CVE-2022-29187-3.patch: add negative tests
      and allow git init to mostly work under sudo in
      t/lib-sudo.sh b/t/lib-sudo.sh.
    - debian/patches/CVE-2022-29187-4.patch: allow root
      to access both SUDO_UID and root owned in git-compat-util.h,
      t/t0034-root-safe-directory.sh.
    - debian/patches/CVE-2022-29187-5.patch: add tests for safe.directory
      in t/t0033-safe-directory.sh, setup.c.
    - debian/patches/CVE-2022-29187-6.patch: tighten ownership checks
      post CVE-2022-24765 in setup.c.
    - CVE-2022-29187

 -- Leonidas Da Silva Barbosa <email address hidden> Tue, 05 Jul 2022 10:11:29 -0300

Source diff to previous version
CVE-2022-29187 Git is a distributed revision control system. Git prior to versions 2. ...
CVE-2022-24765 Git for Windows is a fork of Git containing Windows-specific patches. ...

Version: 1:2.34.1-1ubuntu1.2 2022-04-26 16:06:31 UTC

  git (1:2.34.1-1ubuntu1.2) jammy; urgency=medium

  * SECURITY REGRESSION: Previous update was incomplete causing regressions
    and not correctly fixing the issue.
    - debian/patches/CVE-2022-24765-5.patch: fix safe.directory
      key not being checked in setup.c.
    - debian/patches/CVE-2022-24765-6.patch:
      opt-out of check with safe.directory=* in setup.c. (LP: #1970260)

 -- Leonidas Da Silva Barbosa <email address hidden> Mon, 25 Apr 2022 20:14:03 -0300

Source diff to previous version
CVE-2022-24765 Git for Windows is a fork of Git containing Windows-specific patches. ...

Version: 1:2.34.1-1ubuntu1.1 2022-04-25 17:06:18 UTC

  git (1:2.34.1-1ubuntu1.1) jammy-security; urgency=medium

  * SECURITY UPDATE: Run commands in diff users
    - debian/patches/CVE-2022-24765-*.patch: fix GIT_CEILING_DIRECTORIES; add
      an owner check for the top-level-directory; add a function to
      determine whether a path is owned by the current user in patch.c,
      t/t0060-path-utils.sh, setup.c, compat/mingw.c, compat/mingw.h,
      git-compat-util.h.
    - CVE-2022-24765

 -- Leonidas Da Silva Barbosa <email address hidden> Fri, 08 Apr 2022 08:43:25 -0300

CVE-2022-24765 Git for Windows is a fork of Git containing Windows-specific patches. ...



About   -   Send Feedback to @ubuntu_updates