UbuntuUpdates.org

Package "git"

Name: git

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • fast, scalable, distributed revision control system (all subpackages)
  • fast, scalable, distributed revision control system (cvs interoperability)
  • fast, scalable, distributed revision control system (email add-on)
  • fast, scalable, distributed revision control system (GUI)

Latest version: 1:2.48.1-0ubuntu1.1
Release: plucky (25.04)
Level: security
Repository: universe

Links



Other versions of "git" in Plucky

Repository Area Version
base main 1:2.48.1-0ubuntu1
base universe 1:2.48.1-0ubuntu1
security main 1:2.48.1-0ubuntu1.1
updates main 1:2.48.1-0ubuntu1.1
updates universe 1:2.48.1-0ubuntu1.1

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 1:2.48.1-0ubuntu1.1 2025-07-08 20:30:54 UTC

  git (1:2.48.1-0ubuntu1.1) plucky-security; urgency=medium

  * SECURITY UPDATE: Code execution and file manipulation when cloning
    malicious repositories.
    - debian/patches/CVE-2025-27613.patch: Add argument sanitizing and replace
      command instances with safe versions in gitk-git/gitk.
    - debian/patches/CVE-2025-27614.patch: Remove escape_filter_paths and wrap
      concat instances with list in gitk-git/gitk.
    - CVE-2025-27613
    - CVE-2025-27614
  * SECURITY UPDATE: File overwrite when editing a file in a malicious
    directory in an untrusted repository.
    - debian/patches/CVE-2025-46835-pre1.patch: Remove windows specific code
      in git-gui/git-gui.sh.
    - debian/patches/CVE-2025-46835.patch: Add argument sanitizing, replace
      command instances with safe versions, and wrap instances with list in
      git-gui/git-gui.sh and other files in git-gui directory.
    - CVE-2025-46835
  * SECURITY UPDATE: Unintentional script execution due to improperly stripped
    carriage return.
    - debian/patches/CVE-2025-48384.patch: Add carriage return checks in
      config.c.
    - CVE-2025-48384
  * SECURITY UPDATE: Protocol injection potentially leading to arbitrary code
    execution.
    - debian/patches/CVE-2025-48385.patch: Add URI and filename checks in
      bundle-uri.c.
    - CVE-2025-48385
  * SECURITY UPDATE: Buffer overflow.
    - debian/patches/CVE-2025-48386.patch: Add target_append function and
      change wcsncat calls to target_append in
      contrib/credential/wincred/git-credential-wincred.c.
    - CVE-2025-48386

 -- Hlib Korzhynskyy <email address hidden> Wed, 02 Jul 2025 16:12:01 -0230

CVE-2025-48384 Git is a fast, scalable, distributed revision control system with an u ...
CVE-2025-48385 Git is a fast, scalable, distributed revision control system with an u ...
CVE-2025-48386 Git is a fast, scalable, distributed revision control system with an u ...



About   -   Send Feedback to @ubuntu_updates