UbuntuUpdates.org

Package "git-gui"

Name: git-gui

Description:

fast, scalable, distributed revision control system (GUI)

Latest version: 1:2.34.1-1ubuntu1.15
Release: jammy (22.04)
Level: security
Repository: universe
Head package: git
Homepage: https://git-scm.com/

Other versions of "git-gui" in Jammy

Repository  Area      Version
base        universe  1:2.34.1-1ubuntu1
updates     universe  1:2.34.1-1ubuntu1.14

Changelog

Version: 1:2.34.1-1ubuntu1.15 2025-07-10 22:07:08 UTC

  git (1:2.34.1-1ubuntu1.15) jammy-security; urgency=medium

  * SECURITY REGRESSION: Breakage when using gitk and git gui. (LP: #2116251)
    - debian/patches/CVE-2025-27613.patch: Added back.
    - debian/patches/CVE-2025-27613-post1.patch: Change usage of
      safe_open_command_redirect to safe_open_command in some commands in
      gitk-git/gitk.
    - debian/patches/CVE-2025-46835-pre1.patch: Added back.
    - debian/patches/CVE-2025-46835.patch: Added back.
    - debian/patches/CVE-2025-46835-post1: Change git_read to safe_open_command
      in git-gui/git-gui.sh.

 -- Hlib Korzhynskyy <email address hidden> Wed, 09 Jul 2025 17:16:10 -0230

2116251 gitk and git-gui commands are not working after upgrade
CVE-2025-27613 Gitk is a Tcl/Tk based Git history browser. Starting with 1.7.0, when ...
CVE-2025-46835 Git GUI allows you to use the Git source control management tools via ...

Version: 1:2.34.1-1ubuntu1.14 2025-07-09 19:36:59 UTC

  git (1:2.34.1-1ubuntu1.14) jammy-security; urgency=medium

  * SECURITY REGRESSION: Revert gitk and git gui fixes pending further
    investigation. (LP: #2116251)
    - debian/patches/CVE-2025-27613.patch: Reverted.
    - debian/patches/CVE-2025-46835-pre1.patch: Reverted.
    - debian/patches/CVE-2025-46835.patch: Reverted.

 -- Hlib Korzhynskyy <email address hidden> Wed, 09 Jul 2025 10:08:11 -0230

2116251 gitk and git-gui commands are not working after upgrade

Version: 1:2.34.1-1ubuntu1.13 2025-07-08 20:30:46 UTC

  git (1:2.34.1-1ubuntu1.13) jammy-security; urgency=medium

  * SECURITY UPDATE: Code execution and file manipulation when cloning
    malicious repositories.
    - debian/patches/CVE-2025-27613.patch: Add argument sanitizing and replace
      command instances with safe versions in gitk-git/gitk.
    - CVE-2025-27613
  * SECURITY UPDATE: File overwrite when editing a file in a malicious
    directory in an untrusted repository.
    - debian/patches/CVE-2025-46835-pre1.patch: Remove windows specific code
      in git-gui/git-gui.sh.
    - debian/patches/CVE-2025-46835.patch: Add argument sanitizing, replace
      command instances with safe versions, and wrap instances with list in
      git-gui/git-gui.sh and other files in git-gui directory.
    - CVE-2025-46835
  * SECURITY UPDATE: Unintentional script execution due to improperly stripped
    carriage return.
    - debian/patches/CVE-2025-48384.patch: Add carriage return checks in
      config.c.
    - CVE-2025-48384
  * SECURITY UPDATE: Buffer overflow.
    - debian/patches/CVE-2025-48386.patch: Add target_append function and
      change wcsncat calls to target_append in
      contrib/credential/wincred/git-credential-wincred.c.
    - CVE-2025-48386

 -- Hlib Korzhynskyy <email address hidden> Thu, 03 Jul 2025 15:27:43 -0230

CVE-2025-48384 Git is a fast, scalable, distributed revision control system with an u ...
CVE-2025-48386 Git is a fast, scalable, distributed revision control system with an u ...

Version: 1:2.34.1-1ubuntu1.12 2025-01-14 22:06:48 UTC

  git (1:2.34.1-1ubuntu1.12) jammy-security; urgency=medium

  * SECURITY UPDATE: crafted URL susceptibility
    - debian/patches/CVE-2024-50349-1.patch: sanitize credentials
      in credential.c, strbuf.c, strbuf.h,
      t/t0300-credentials.sh.
    - debian/patches/CVE-2024-50349-2.patch: credential sanitize
      the user prompt in credential.c, credential.h,
      t/t0300-credentials.sh, t/t5541-http-push-smart.sh,
      t/t5550-http-fetch-dumb.sh, t/t5551-http-fetch-smart.sh.
    - CVE-2024-50349
  * SECURITY UPDATE: Git may pass on Carriage Returns
    - debian/patches/CVE-2024-52006.patch: disallow carriage
      returns in the protocol by default in credential.c,
      credential.h, t/t0300-credentials.sh.
    - CVE-2024-52006

 -- Leonidas Da Silva Barbosa <email address hidden> Mon, 13 Jan 2025 17:13:20 -0300

CVE-2024-50349 Git is a fast, scalable, distributed revision control system with an u ...
CVE-2024-52006 Git is a fast, scalable, distributed revision control system with an u ...

Version: 1:2.34.1-1ubuntu1.11 2024-05-28 16:14:03 UTC

  git (1:2.34.1-1ubuntu1.11) jammy-security; urgency=medium

  * SECURITY UPDATE: Facilitation of arbitrary code execution
    - debian/patches/CVE-2024-32002.patch: submodule paths
      must not contain symlinks in builtin/submodule--helper.c.
    - CVE-2024-32002
  * SECURITY UPDATE: Arbitrary code execution
    - debian/patches/CVE-2024-32004.patch: detect dubious ownership of
      local repositories in path.c, setup.c, setup.h.
    - CVE-2024-32004
  * SECURITY UPDATE: Overwrite of possible malicious hardlink
    - debian/patches/CVE-2024-32020.patch: refuse clones of unsafe
      repositories in builtin/clone.c, t0033-safe-directory.sh.
    - CVE-2024-32020
  * SECURITY UPDATE: Unauthenticated attacker to place a repository
    on their target's local system that contains symlinks
    - debian/patches/CVE-2024-32021.patch: abort when hardlinked source and
      target file differ in builtin/clone.c
    - CVE-2024-32021
  * SECURITY UPDATE: Arbitrary code execution
    - debian/patches/CVE-2024-32465.patch: disable lazy-fetching by default
      in builtin/upload-pack.c, promisor-remote.c
    - CVE-2024-32465

 -- Leonidas Da Silva Barbosa <email address hidden> Mon, 20 May 2024 09:14:17 -0300

CVE-2024-32002 Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be c
CVE-2024-32004 Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, an attacker can prepare a local repos
CVE-2024-32020 Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, local clones may end up hardlinking f
CVE-2024-32021 Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, when cloning a local source repositor
CVE-2024-32465 Git is a revision control system. The Git project recommends to avoid working in untrusted repositories, and instead to clone it first with `git clon


