UbuntuUpdates.org

Package "git"

Name: git

Description:

fast, scalable, distributed revision control system

Latest version: 1:2.48.1-0ubuntu1.1
Release: plucky (25.04)
Level: updates
Repository: main
Homepage: https://git-scm.com/

Links


Download "git"


Other versions of "git" in Plucky

Repository Area Version
base main 1:2.48.1-0ubuntu1
base universe 1:2.48.1-0ubuntu1
security main 1:2.48.1-0ubuntu1.1
security universe 1:2.48.1-0ubuntu1.1
updates universe 1:2.48.1-0ubuntu1.1

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 1:2.48.1-0ubuntu1.1 2025-07-08 23:18:59 UTC

  git (1:2.48.1-0ubuntu1.1) plucky-security; urgency=medium

  * SECURITY UPDATE: Code execution and file manipulation when cloning
    malicious repositories.
    - debian/patches/CVE-2025-27613.patch: Add argument sanitizing and replace
      command instances with safe versions in gitk-git/gitk.
    - debian/patches/CVE-2025-27614.patch: Remove escape_filter_paths and wrap
      concat instances with list in gitk-git/gitk.
    - CVE-2025-27613
    - CVE-2025-27614
  * SECURITY UPDATE: File overwrite when editing a file in a malicious
    directory in an untrusted repository.
    - debian/patches/CVE-2025-46835-pre1.patch: Remove windows specific code
      in git-gui/git-gui.sh.
    - debian/patches/CVE-2025-46835.patch: Add argument sanitizing, replace
      command instances with safe versions, and wrap instances with list in
      git-gui/git-gui.sh and other files in git-gui directory.
    - CVE-2025-46835
  * SECURITY UPDATE: Unintentional script execution due to improperly stripped
    carriage return.
    - debian/patches/CVE-2025-48384.patch: Add carriage return checks in
      config.c.
    - CVE-2025-48384
  * SECURITY UPDATE: Protocol injection potentially leading to arbitrary code
    execution.
    - debian/patches/CVE-2025-48385.patch: Add URI and filename checks in
      bundle-uri.c.
    - CVE-2025-48385
  * SECURITY UPDATE: Buffer overflow.
    - debian/patches/CVE-2025-48386.patch: Add target_append function and
      change wcsncat calls to target_append in
      contrib/credential/wincred/git-credential-wincred.c.
    - CVE-2025-48386

 -- Hlib Korzhynskyy <email address hidden> Wed, 02 Jul 2025 16:12:01 -0230

CVE-2025-48384 Git is a fast, scalable, distributed revision control system with an u ...
CVE-2025-48385 Git is a fast, scalable, distributed revision control system with an u ...
CVE-2025-48386 Git is a fast, scalable, distributed revision control system with an u ...



About   -   Send Feedback to @ubuntu_updates