-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 30 Jul 2025 21:10:52 +0300
Source: git
Binary: git git-dbgsym
Architecture: armhf
Version: 1:2.47.3-0+deb13u1
Distribution: trixie
Urgency: medium
Maintainer: arm Build Daemon (arm-conova-01) <buildd_arm64-arm-conova-01@buildd.debian.org>
Changed-By: Adrian Bunk <bunk@debian.org>
Description:
 git        - fast, scalable, distributed revision control system
Closes: 1108983
Changes:
 git (1:2.47.3-0+deb13u1) trixie; urgency=medium
 .
   * Non-maintainer upload.
   * New upstream release.
     - CVE-2025-27613: gitk: file creation/truncation after cloning
       untrusted repository
     - CVE-2025-27614: gitk: user can be tricked into running any
       script after cloning untrusted repository
     - CVE-2025-46835: git-gui: file creation/overwriting after
       cloning untrusted repository
     - CVE-2025-48384: script execution after cloning untrusted
       repository
     - CVE-2025-48385: protocol injection when fetching
     - Closes: #1108983
Checksums-Sha1:
 a05a17af832983a0fe851e98e8432b23f8b5765f 43951156 git-dbgsym_2.47.3-0+deb13u1_armhf.deb
 598a33487aa496f202ff84350c10d8da5cda2f16 9206 git_2.47.3-0+deb13u1_armhf-buildd.buildinfo
 012c4fddb5d8b65f16b49af84f390c8ce6f3477f 6560928 git_2.47.3-0+deb13u1_armhf.deb
Checksums-Sha256:
 371408230b340acf33e2f32bd322e737d5ce7cd9f0caf9718f635eff245c304d 43951156 git-dbgsym_2.47.3-0+deb13u1_armhf.deb
 27a8bedbbb28bc2a5162d6f0c412a4b3e10dd749162b29d0c4d809f1f79a0079 9206 git_2.47.3-0+deb13u1_armhf-buildd.buildinfo
 9179b5a796c7b69d95e8439f7a66581fb43538965a4854762df798227676e81d 6560928 git_2.47.3-0+deb13u1_armhf.deb
Files:
 26df287aebf4c663ce0b08a2e8d9dd84 43951156 debug optional git-dbgsym_2.47.3-0+deb13u1_armhf.deb
 9966c381612da7126005d3a11026e87d 9206 vcs optional git_2.47.3-0+deb13u1_armhf-buildd.buildinfo
 41b860a9e2adaf2a432935065c5be5d6 6560928 vcs optional git_2.47.3-0+deb13u1_armhf.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEegRwmIwj8f99iF4m4CwlMGxHD8UFAmio2sYACgkQ4CwlMGxH
D8WMKBAAgkmCV7QDK10i8hBr/MLLCpu2QtBF/8h6NgaUd9d3ew6DW8ADkyEEmu+8
RBaGq+dlLWnwDd1lfixabeZttC6qaXo/L4yChyJ7bKZpeuHszJ+g8QKePHZp0iMf
ZiB3T+PtZq1EUL5gtmcKyxYeamDgP7LV49xM/StXotUuyNkbPhl9sVEfsR1QHTya
ccMAkrMswaIFOsPGx67c1Tls4YOR4eeKN2AwL3pH/VJXiHc3WVRrT9rtZn7t/q2z
X0mz15fW80NTWA77I+RnIAwTRbdEAIyaFHrSHGaBvzDVl4U30s7sdaq8e80vqdeS
PRHPjwl/1L2IS0iltaHL18AiqwcLmyI4Sp+iQV2TcB5i4TL1Ct4eBUAsEkFGLBiw
q18ycBx2BMp2JnfTbgujhd7rJ35uVP1E24843Ytz8/OaE63oTSptpnpVZUXx4eR3
XpC8gAwtZS8IgTI1bfNqo5hbwMcI3Q+aH3w5+vDmAa9FpC32aN9fK7i4jowp6/3m
W8Kplw3Wqk9umHSjvUyEPR7tNAH9irGwuoLqH3/PqHQoKT/ctzvo1FAtJB0040nJ
JMZ5LiyZzDq3vjJJpwzbgXvjVAKmwQ749lBv3ap+y9fAPgwy/HsZTKcN3Kfha6eg
TuLdioGa8a/Wu/bs34Q8WO8gJRSze4GaWoTwRYfKIGrdP/cZQmU=
=3ueC
-----END PGP SIGNATURE-----