-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 30 Jul 2025 21:10:52 +0300 Source: git Binary: git git-dbgsym Architecture: armel Version: 1:2.47.3-0+deb13u1 Distribution: trixie Urgency: medium Maintainer: arm Build Daemon (arm-conova-02) Changed-By: Adrian Bunk Description: git - fast, scalable, distributed revision control system Closes: 1108983 Changes: git (1:2.47.3-0+deb13u1) trixie; urgency=medium . * Non-maintainer upload. * New upstream release. - CVE-2025-27613: gitk: file creation/truncation after cloning untrusted repository - CVE-2025-27614: gitk: user can be tricked into running any script after cloning untrusted repository - CVE-2025-46835: git-gui: file creation/overwriting after cloning untrusted repository - CVE-2025-48384: script execution after cloning untrusted repository - CVE-2025-48385: protocol injection when fetching - Closes: #1108983 Checksums-Sha1: f259db17b527316bbae6d188ce7ca05bbf34a4c5 43459028 git-dbgsym_2.47.3-0+deb13u1_armel.deb d5fe4cabf8652052eb9641cc122177ab3f4e6119 9192 git_2.47.3-0+deb13u1_armel-buildd.buildinfo 51a3583a97d6a614489b03e8f10791d3240f9055 7019760 git_2.47.3-0+deb13u1_armel.deb Checksums-Sha256: 5dabe08ffbbc8c5b64c84b6a7675f162cff7440cc388694b35f47512b2d239f1 43459028 git-dbgsym_2.47.3-0+deb13u1_armel.deb ed24e1e1da9a4576f09a749b5ef6e7c2b7b701e7a8aef631201d1f9808ae241c 9192 git_2.47.3-0+deb13u1_armel-buildd.buildinfo 7512d6678e9bf08862de391cc688d5ed0fbc689200bfa8c1290216e7e33a01ad 7019760 git_2.47.3-0+deb13u1_armel.deb Files: b3fc51b902cf8a8541d3f243738ddd13 43459028 debug optional git-dbgsym_2.47.3-0+deb13u1_armel.deb ee9ff4ac8d1f2308676af73ff0d73b9e 9192 vcs optional git_2.47.3-0+deb13u1_armel-buildd.buildinfo e76f59e246d6424f3cc0a3510eedeb0a 7019760 vcs optional git_2.47.3-0+deb13u1_armel.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEWHj9K9pO9l4btbD1OQKMdMnEH5MFAmio2xsACgkQOQKMdMnE H5MXXA//anQO3lmQzusaJOUFNN2YHCXPOZt0xKDjH6V3je0EmaD956VWs7STnJca 69eVN8st81iGo5Ttu4DjdI2MUcMKb13xA/uiC8LbPYxFykOOBL4IwklewESoMMMN irz6q6msOyutnAP4rI7BjfECIsnCHVLvq9CezkIRpBm5vugzcT2NEbalXjbDHzGN AQPUr20leV0iyjjPxflgE2Vxz5QTBmzzBxQW8Dd2f7CQEN6FTlGtFE38DT2L82+t sOn9k+UpdD/LXJX42dsm/JaXJEIC9QzkZ+J5eD5xCEetx2C/tGQG8JsJGYo0RKN1 kBqn4J/3wmJ+MZpWUnwyeTfRnjmJz/8v2eWVuVC924tI7ysMsgJ7IXwNg/qxoIlA SqFNs/zGqteoRSfutNERjS0vs6fnXGWfaiQ+q7WGGgVM/fy68dEb4+vdDVBHCq9u o21qa8Rl+rY5j28+6djkyIz9SC8IzodYV90iFUSKTfsszdWxG4lKRNVMLfbSPK4X Vt5TN50vP1wnk2A/Cr2HbP5bmzkdRZKnFQLzvXSMURFVkB74tOU8Hq2heIDPIhem s8ydj22OfJ53i9XozkyiOm+4gAuG6l5RlrnzDcyKcQ9u7M78zhDqKeu8ScIxZPJJ ZW92J21h2ERKRb/WBfd1/iN6GX+PkmTDeBdXGVT461njTG/20CM= =Qb04 -----END PGP SIGNATURE-----