-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 30 Jul 2025 21:10:52 +0300 Source: git Binary: git-all git-cvs git-doc git-email git-gui git-man git-mediawiki git-svn gitk gitweb Architecture: all Version: 1:2.47.3-0+deb13u1 Distribution: trixie Urgency: medium Maintainer: all Build Daemon (x86-grnet-02) Changed-By: Adrian Bunk Description: git-all - fast, scalable, distributed revision control system (all subpacka git-cvs - fast, scalable, distributed revision control system (cvs interope git-doc - fast, scalable, distributed revision control system (documentatio git-email - fast, scalable, distributed revision control system (email add-on git-gui - fast, scalable, distributed revision control system (GUI) git-man - fast, scalable, distributed revision control system (manual pages git-mediawiki - fast, scalable, distributed revision control system (MediaWiki re git-svn - fast, scalable, distributed revision control system (svn interope gitk - fast, scalable, distributed revision control system (revision tre gitweb - fast, scalable, distributed revision control system (web interfac Closes: 1108983 Changes: git (1:2.47.3-0+deb13u1) trixie; urgency=medium . * Non-maintainer upload. * New upstream release. - CVE-2025-27613: gitk: file creation/truncation after cloning untrusted repository - CVE-2025-27614: gitk: user can be tricked into running any script after cloning untrusted repository - CVE-2025-46835: git-gui: file creation/overwriting after cloning untrusted repository - CVE-2025-48384: script execution after cloning untrusted repository - CVE-2025-48385: protocol injection when fetching - Closes: #1108983 Checksums-Sha1: 00ae379c5df11975e49ebb4c2c7395da1c6cd9b2 1066904 git-all_2.47.3-0+deb13u1_all.deb 7df8744e3b642a68e1c1721b9b9e1d8985e413c7 1129848 git-cvs_2.47.3-0+deb13u1_all.deb 79c2e97126b312a5147f5c7c718030dd1a74cd3d 2306512 git-doc_2.47.3-0+deb13u1_all.deb acc10a08ef8ba295a583022f6c744b79cdb8f532 1096040 git-email_2.47.3-0+deb13u1_all.deb 02c67348a523b2c88e805d8aee596df7b6cf8553 1285584 git-gui_2.47.3-0+deb13u1_all.deb f3d9cde672d8833f93805a3174539e9902fc6834 2204692 git-man_2.47.3-0+deb13u1_all.deb dc159d3f38fc7c77b5b6e9ba23954bb206da6fe2 1083116 git-mediawiki_2.47.3-0+deb13u1_all.deb 37bf23208b76808f2261144205dd07fecd8c3618 1142592 git-svn_2.47.3-0+deb13u1_all.deb c4caaa8fafa7a6fdcf04ee3d93595f19f6e626e2 11938 git_2.47.3-0+deb13u1_all-buildd.buildinfo 43bdad9863ab3319059f874c0341a499cfb3be4f 1203620 gitk_2.47.3-0+deb13u1_all.deb aa7a91bdcc2f4caf9191d2155b382b1aca3b78f5 1070524 gitweb_2.47.3-0+deb13u1_all.deb Checksums-Sha256: 32dee860c58b09d2e81f4b1ff21d0842435ac1082014c6cef5f7cce11eefe9b9 1066904 git-all_2.47.3-0+deb13u1_all.deb ccac3c8d238405c306fee19e27176606b20b8efa59e32e6744263de9353db5ff 1129848 git-cvs_2.47.3-0+deb13u1_all.deb 5051bf2c067c96b7622632d82895f89720f70ec64c2bda10a1b8311b0538df48 2306512 git-doc_2.47.3-0+deb13u1_all.deb 7230b3e18a24b425e29afa6cba535d30f9f911fece704032c5853792b87618d8 1096040 git-email_2.47.3-0+deb13u1_all.deb db7a0e61e19144e59192a080642d5a123ee31fff05422471e26cdb6f7759ae18 1285584 git-gui_2.47.3-0+deb13u1_all.deb b58306b60e1dff920e1e18bc7e1e499f2ef75184190ab3d98657b165969bf7c9 2204692 git-man_2.47.3-0+deb13u1_all.deb 05f1575e05612f84ef3069c69fa5e5a2321ed95d62568ec2ac04e55c5332f326 1083116 git-mediawiki_2.47.3-0+deb13u1_all.deb 9d63b957c0fa2d94034ce191b4c7f78a8acae5eaffe227885121ef84ea188210 1142592 git-svn_2.47.3-0+deb13u1_all.deb 53b20abe2322681d8a5ee73bdb1a7c9bf49a29b209ad4dbddf739a0de83e0516 11938 git_2.47.3-0+deb13u1_all-buildd.buildinfo d6bff48078b3458977ff96b72fc2e5a02ce0fd260db006ee78c2d94969a367ed 1203620 gitk_2.47.3-0+deb13u1_all.deb 73ba88d5bcc498038511dfb3c8746ddf9ea476fc3bbe28d02694c58f5e6faf0e 1070524 gitweb_2.47.3-0+deb13u1_all.deb Files: 55d45b0bba6e973c90f14356447e2812 1066904 vcs optional git-all_2.47.3-0+deb13u1_all.deb 6d179d73ff44dbb09eef02f7d70fdf11 1129848 vcs optional git-cvs_2.47.3-0+deb13u1_all.deb 05e90c6c5dc635478b96bcebdbcfb48e 2306512 doc optional git-doc_2.47.3-0+deb13u1_all.deb 08a34b3a31f71ee21b5500c423fbce34 1096040 vcs optional git-email_2.47.3-0+deb13u1_all.deb 45ed448102f9ad139a4c64e71d79ec9e 1285584 vcs optional git-gui_2.47.3-0+deb13u1_all.deb f41414429e2df83fd81b105642abe7ba 2204692 doc optional git-man_2.47.3-0+deb13u1_all.deb 45510cb273e9af3f19e0245f7811c594 1083116 vcs optional git-mediawiki_2.47.3-0+deb13u1_all.deb 454855513503580f4708a4111bb53127 1142592 vcs optional git-svn_2.47.3-0+deb13u1_all.deb 9692c2dd7ba485b235a35229fa64f047 11938 vcs optional git_2.47.3-0+deb13u1_all-buildd.buildinfo 8c72f4534fd29f4e0bade803f98ae680 1203620 vcs optional gitk_2.47.3-0+deb13u1_all.deb d234de64a8cae6627d1e7599d9b5a053 1070524 vcs optional gitweb_2.47.3-0+deb13u1_all.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEj4Fym5GgeZdPqKhrJm69HxMTN+oFAmio2fgACgkQJm69HxMT N+rooxAAl4eDTIT3BWFCdrfE8wTrgTm+DSSvXiKpdOAL7XC3p5oyWxWmxDU2DrWv ATJ8T6GKcpYJEvOpYzb0gNzqBuswA3PFJW3l6skms8uNAFrcav4CXe4Se1D2W6HJ qZK137axy065HWmMKOFvqLH8G7xJSrQ6zx9lobnEoFjBlKJKyg2A+gJ/4yID86LB 71/xBOwROGJ5biYltLEGIf9GbLyUefquUmHSZjE4GvLdFRzpYT9W32HwNcDT22/L nWt65bE8P9j1LI1cwZ3TE3OCwH1FwHH0XJ7tPd4x2kqPjmRLzsBMg/mt8xl4hQOY SxML4X8LzB00murrTqZ64pbzGBlsp7m9LXpZW8GP/L2r0wX0ViYC4lsdPUPyh6Ga lPY3OcIChjfuN8vons9oQtw4JtxFoz5eg7EzRQdxBt1av/EeOEDJkNleVI9LZ9Q1 JJ++ogjaL95Lb3tEO3k0yEu4NdB2ZDmSyLf1OjNOJp13bDRxA6nKw2bwrwb/eV3E NvzGfYY4rRzbaHSiLrpgB5IqmZeoxk/PnY5HdBlD2OEbDMRz9BouP7jOnBiHiJqx GWgRABTNdUR/TfJirCbme/IhaQ/S9FxSsiaNfl96VEtJ2OfN1QP3NyEcwH8gWnBu 5OrGvu0x/TaUZ7BF5k+aToH5F5HoHC1aQ+6UhBjbmQueBXgoevU= =I2Ki -----END PGP SIGNATURE-----