-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 30 Jul 2025 21:10:52 +0300
Source: git
Binary: git git-dbgsym
Architecture: arm64
Version: 1:2.47.3-0+deb13u1
Distribution: trixie
Urgency: medium
Maintainer: arm Build Daemon (arm-conova-03) <buildd_arm64-arm-conova-03@buildd.debian.org>
Changed-By: Adrian Bunk <bunk@debian.org>
Description:
 git        - fast, scalable, distributed revision control system
Closes: 1108983
Changes:
 git (1:2.47.3-0+deb13u1) trixie; urgency=medium
 .
   * Non-maintainer upload.
   * New upstream release.
     - CVE-2025-27613: gitk: file creation/truncation after cloning
       untrusted repository
     - CVE-2025-27614: gitk: user can be tricked into running any
       script after cloning untrusted repository
     - CVE-2025-46835: git-gui: file creation/overwriting after
       cloning untrusted repository
     - CVE-2025-48384: script execution after cloning untrusted
       repository
     - CVE-2025-48385: protocol injection when fetching
     - Closes: #1108983
Checksums-Sha1:
 a44a1dfc6f58f8d5a96eac28950da7fd98d664a6 44144344 git-dbgsym_2.47.3-0+deb13u1_arm64.deb
 b2ffd0ce777fdfcddaccdbb0618c3be69b4aec80 9336 git_2.47.3-0+deb13u1_arm64-buildd.buildinfo
 dac3541a184cbadf9424aba0709c77058bc86b02 8665568 git_2.47.3-0+deb13u1_arm64.deb
Checksums-Sha256:
 f5e3c57e305998352d36903f6639cf23d0e7eb10f95d447207c7e9ce04789123 44144344 git-dbgsym_2.47.3-0+deb13u1_arm64.deb
 557c8e66826b8b0e1a6c07278843baa4fded9150212bb3155bc502d92b82f4a3 9336 git_2.47.3-0+deb13u1_arm64-buildd.buildinfo
 8c6b1e96b226211260d7814472215a8a1ed38ee37400c421d454391c1807cb5a 8665568 git_2.47.3-0+deb13u1_arm64.deb
Files:
 908e41f8c47f1e6cd1c5b4a892ceea8b 44144344 debug optional git-dbgsym_2.47.3-0+deb13u1_arm64.deb
 392967ca3e26a2b8726dd4f16a6017be 9336 vcs optional git_2.47.3-0+deb13u1_arm64-buildd.buildinfo
 32448034e5535d3571213e4248b798ed 8665568 vcs optional git_2.47.3-0+deb13u1_arm64.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEVM4SKBZumztS8zr3lST9Us03ywsFAmio2wIACgkQlST9Us03
ywvFsBAAsETKSx49YMhwBG8uoND3tLN6ELbDZEKB9T2VcgXQpXp5tP6MM5AwMQ7j
KmeJzmyPZHcdX2iiMyMTQKegwvLhL+XLahXL6L8T677loRxtk7eoNOaq6Nv3EA62
4B1knHUgIyr9WOOVokePoc8JD5r9LM00UGTDscHSJShYTPje9YAkJnLgYyd3tG+b
2noPfoP6e5shOP9og1IeBfnxeMlZZMqXg5HwojsPUm1BzcWvtHNVRP0twLjm9Xl9
t9M7JCm8x+pUUHGnY+uzjzteyPOMOvCUhgCkbLwDfe48KdzL5DE0wpTaBsEk3ptZ
sl90MsiCEtknVHimpLUXc0784q7dv4rC1wgG7FW81na1mKqGRHS2uaQtdu7uRhkJ
2n0fhoR2S5Kur7eOZ/gWCnRwL70CNEoOcvzURAyR4JKW0di+WJcG1mz0rn4q9ux0
UPW9BAgBS2R4xCRbPblIxOrLPXpdQRbnNRN/4HTID7KRUhtX7lkj3cu7bw09y5ky
sUTaQhbckBOFlDpGQVr9P00q/KLkAFzjVRWBKdlWMUmRv6SRP7ySWBl7iVU7GEsb
zINkFh/uqMjj24UJe+TTJA84sf9LnIxkkMLi2KaW5wqvObMesb6vbb2nEzhnrug7
rBylV2HrIQHmDC1hCJf0cOKJ4auRFLZrpmVPBwonIRfRwcuwwBI=
=iBPQ
-----END PGP SIGNATURE-----