-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 30 Jul 2025 21:10:52 +0300
Source: git
Binary: git git-dbgsym
Architecture: amd64
Version: 1:2.47.3-0+deb13u1
Distribution: trixie
Urgency: medium
Maintainer: all / amd64 / i386 Build Daemon (x86-conova-01) <buildd_amd64-x86-conova-01@buildd.debian.org>
Changed-By: Adrian Bunk <bunk@debian.org>
Description:
 git        - fast, scalable, distributed revision control system
Closes: 1108983
Changes:
 git (1:2.47.3-0+deb13u1) trixie; urgency=medium
 .
   * Non-maintainer upload.
   * New upstream release.
     - CVE-2025-27613: gitk: file creation/truncation after cloning
       untrusted repository
     - CVE-2025-27614: gitk: user can be tricked into running any
       script after cloning untrusted repository
     - CVE-2025-46835: git-gui: file creation/overwriting after
       cloning untrusted repository
     - CVE-2025-48384: script execution after cloning untrusted
       repository
     - CVE-2025-48385: protocol injection when fetching
     - Closes: #1108983
Checksums-Sha1:
 f5ea9fdd3850688a2357d6774fe6f7af6283683a 45096840 git-dbgsym_2.47.3-0+deb13u1_amd64.deb
 46774bd2c634f99600279fab585704873d2ad3b5 9340 git_2.47.3-0+deb13u1_amd64-buildd.buildinfo
 bb5947667cef07307ce77aeb86fd95c2a3e85472 8861572 git_2.47.3-0+deb13u1_amd64.deb
Checksums-Sha256:
 9cf7c77a23e282f1ee5d600b203bc5779c9adee0f176d103f5464e0b4f638d68 45096840 git-dbgsym_2.47.3-0+deb13u1_amd64.deb
 7261765fcdc0ef192795f3bd1e10394b25d7d0668ff45fb12d31a1a42858597b 9340 git_2.47.3-0+deb13u1_amd64-buildd.buildinfo
 3e35662fd5c46add561703e54031a1d8ad9df45811927689f0a51122b13be722 8861572 git_2.47.3-0+deb13u1_amd64.deb
Files:
 57eae88325cf591e795690a6503f0518 45096840 debug optional git-dbgsym_2.47.3-0+deb13u1_amd64.deb
 d39a13b8321845bc5e884b3472f38c2a 9340 vcs optional git_2.47.3-0+deb13u1_amd64-buildd.buildinfo
 26aa869d049c8cddc78ca94f56ad3510 8861572 vcs optional git_2.47.3-0+deb13u1_amd64.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEaPzFtKPtF0JrKPV5iZlfn74WV6kFAmio22kACgkQiZlfn74W
V6nUZg/7BoWdZd1+OEEK1zZgU8DHEher3BG+SzJj8t6J9Bstu5OO2buDBo9yMXow
X6aYdrEGIe2Jrov+LnM1lZWEnroK+8nCmnYwt/AB8EZFLyhUcS7wRbv41nghFFHU
Q7krwM0kZaksuqEQR2cWd8922MbVO+Ja4tGX/Qmngk/FbzfK1bGY/fV2IvrK52Ax
5wgRlhaDLhcthO7lXAd3Gk0iLAUIWe8ngbe0SnWaFbfQt2wcYKi8TgAdp01P7AXm
9NpmtswpO+5+VpNz5K1GIbMOZUp8/eC23A2E53KUCLWbUhL1eaB2EEP6JLl5Xy4k
ieluBgpM807EuFU9zy1e9UvQyu9VdqXyRlgkVl+vQpCzR5glyJ/lhgjM+gmtNzUc
M8U8sMYZkYhMcpcMs1hVHYo4SZcKh10/kP43vmtUxJ4qcI2fT31MVJ0YsO6yAQ9A
KIiy1JKKTa9zg1Tfb0WrYCyWg54gaV6KVwGErAgLvisXmZlF7Dsb/ivHXK0Y18MP
i+2AJJV1+iiaCv9SvckF5i58JMPvBUORLa47YCLLmuoFJY4X+/vuxBWT+kjjrhAb
hN/cw6gyCjdmujSpV3c3Wr1HTfmURkjQrRhy91X2DcXKGOx8d3PBZv5yNv9LKRuI
toEELsAzBmf91CuspyHa1+VrXYB5kzTEf3qS0kWDKnUvze/RtjE=
=B0yH
-----END PGP SIGNATURE-----