UbuntuUpdates.org

Package "git-cvs"

Name: git-cvs

Description:

fast, scalable, distributed revision control system (cvs interoperability)

Latest version: 1:2.43.0-1ubuntu7.1
Release: noble (24.04)
Level: security
Repository: universe
Head package: git
Homepage: https://git-scm.com/

Links


Download "git-cvs"


Other versions of "git-cvs" in Noble

Repository Area Version
base universe 1:2.43.0-1ubuntu7
updates universe 1:2.43.0-1ubuntu7.1

Changelog

Version: 1:2.43.0-1ubuntu7.1 2024-05-28 16:14:05 UTC

  git (1:2.43.0-1ubuntu7.1) noble-security; urgency=medium

  * SECURITY UPDATE: Facilitation of arbitrary code execution
    - debian/patches/CVE-2024-32002.patch: submodule paths
      must not contains symlinks in builtin/submodule--helper.c.
    - CVE-2024-32002
  * SECURITY UPDATE: Arbitrary code execution
    - debian/patches/CVE-2024-32004.patch: detect dubious ownership of
      local repositories in path.c, setup.c, setup.h.
    - CVE-2024-32004
  * SECURITY UPDATE: Overwrite of possible malicious hardlink
    - debian/patches/CVE-2024-32020.patch: refuse clones of unsafe
      repositories in builtin/clonse.c, t0033-safe-directory.sh.
    - CVE-2024-32020
  * SECURITY UPDATE: Unauthenticated attacker to place a repository
    on their target's local system that contains symlinks
    - debian/patches/CVE-2024-32021.patch: abort when hardlinked source and
      target file differ in builtin/clone.c
    - CVE-2024-32021
  * SECURITY UPDATE: Arbitrary code execution
    - debian/patches/CVE-2024-32465.patch: disable lazy-fetching by default
      in builtin/upload-pack.c, promisor-remote.c
    - CVE-2024-32465

 -- Leonidas Da Silva Barbosa <email address hidden> Mon, 20 May 2024 08:15:04 -0300

CVE-2024-32002 Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be c
CVE-2024-32004 Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, an attacker can prepare a local repos
CVE-2024-32020 Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, local clones may end up hardlinking f
CVE-2024-32021 Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, when cloning a local source repositor
CVE-2024-32465 Git is a revision control system. The Git project recommends to avoid working in untrusted repositories, and instead to clone it first with `git clon



About   -   Send Feedback to @ubuntu_updates