-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 30 Jul 2025 21:10:52 +0300 Source: git Binary: git git-dbgsym Architecture: i386 Version: 1:2.47.3-0+deb13u1 Distribution: trixie Urgency: medium Maintainer: all / amd64 / i386 Build Daemon (x86-conova-02) Changed-By: Adrian Bunk Description: git - fast, scalable, distributed revision control system Closes: 1108983 Changes: git (1:2.47.3-0+deb13u1) trixie; urgency=medium . * Non-maintainer upload. * New upstream release. - CVE-2025-27613: gitk: file creation/truncation after cloning untrusted repository - CVE-2025-27614: gitk: user can be tricked into running any script after cloning untrusted repository - CVE-2025-46835: git-gui: file creation/overwriting after cloning untrusted repository - CVE-2025-48384: script execution after cloning untrusted repository - CVE-2025-48385: protocol injection when fetching - Closes: #1108983 Checksums-Sha1: 223111f6b1877bfce2fd06e3adfdca699a759460 40341400 git-dbgsym_2.47.3-0+deb13u1_i386.deb 73cccd7f4b9d94bb667608e116b27a20a3fc4344 9241 git_2.47.3-0+deb13u1_i386-buildd.buildinfo c9db803f0c6a287dc444e93eb2304be82b6a2f47 9420296 git_2.47.3-0+deb13u1_i386.deb Checksums-Sha256: a4b86a5ccd249f9e218dda30f0218e03c628f9eea14f6fc74897530997745c8d 40341400 git-dbgsym_2.47.3-0+deb13u1_i386.deb 88dc32855eaeedb5c2b4e8b5b9d9c75952b7d160069cb9c1dd59208902f2b624 9241 git_2.47.3-0+deb13u1_i386-buildd.buildinfo c52cd668c2a8a1e313ec1d872e804f4f8a44e6eb7b68579c304ae587e9b67d05 9420296 git_2.47.3-0+deb13u1_i386.deb Files: 442728d58bbf7780a4b7be23388a7395 40341400 debug optional git-dbgsym_2.47.3-0+deb13u1_i386.deb d53bc73294c51a434768dfabec4d2091 9241 vcs optional git_2.47.3-0+deb13u1_i386-buildd.buildinfo 7eac35d3e54a441de6a58d02c04e70c6 9420296 vcs optional git_2.47.3-0+deb13u1_i386.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEErwLLVsiCiGZggzpHJuP6X4A0XeIFAmio3yUACgkQJuP6X4A0 XeJhDg/+LrYUNRDw5ZQo0i5k3rpuJvCcNWk21ME6D9RJHJBo6o2gPqM8I3S8f/gt V7fR40bs5uyE4HDA7i2srUVunpBHNHmWX1Mzsl1oJyy8gZdk/Pkl9lVN3WtgX+5x wp9gwvMK/1+ZQeDy2odNzIn446ArckZIyqJAMdEKkhu1J5Sq8O+j5/cR3AbqkfdF W+wQxRqxGjuc/NO4DxNKy3OcVPzZ4SPQkWa6R2So37NhiKLet7aeYpnexScWZOFm Hz2fCzsXFqpdvW8DZ/H7bMnIOJNRBNyqtQQd/TK+gzCzVGhzwA8j7BrSgvLM3LUu Ut8t0U3TUF5pDKjEjumfVXJBHwmv7DxoM5lsGEybmDb85PZa05fEToW/k9sae3A9 p2zcC3fxab/BR74O9WgMZtzx97Iwr8qK+V/ptQ6FIApXcpE/dQw493rhhjHeA/+K TBG66+iqw91qKsI4iWuK/ZvAJmf1l+1vBJUmfSPyvARqeQrqz4BL2futfZpLgdpF 4z4l9XED4VrkGn5DU8t5fBBeMSMZEu8soeH9u6/PAG2nupy/IY1zoBmK9WjIRXR6 eCygbIWiNkEpJ6VApNdRIfgdGH0pvRgAcoZIkTpNv0mHZ2aqdOB0H2Z9jPXtRnVX nt+NxuTEwog+n2biJ0R+Ki4NZlcGjPDpkI7enMBmQJanukvWqE0= =W0Mw -----END PGP SIGNATURE-----