-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 30 Jul 2025 21:10:52 +0300 Source: git Binary: git git-dbgsym Architecture: riscv64 Version: 1:2.47.3-0+deb13u1 Distribution: trixie Urgency: medium Maintainer: riscv64 Build Daemon (rv-manda-01) Changed-By: Adrian Bunk Description: git - fast, scalable, distributed revision control system Closes: 1108983 Changes: git (1:2.47.3-0+deb13u1) trixie; urgency=medium . * Non-maintainer upload. * New upstream release. - CVE-2025-27613: gitk: file creation/truncation after cloning untrusted repository - CVE-2025-27614: gitk: user can be tricked into running any script after cloning untrusted repository - CVE-2025-46835: git-gui: file creation/overwriting after cloning untrusted repository - CVE-2025-48384: script execution after cloning untrusted repository - CVE-2025-48385: protocol injection when fetching - Closes: #1108983 Checksums-Sha1: f0c77822ac538d19b3bccb54f9ca675619af2e68 42171212 git-dbgsym_2.47.3-0+deb13u1_riscv64.deb f66369d8f90410ce610a139059486a5e5f08eb65 9287 git_2.47.3-0+deb13u1_riscv64-buildd.buildinfo b05cbbc914b269c4659123402c4caa9d62acbd9e 8306616 git_2.47.3-0+deb13u1_riscv64.deb Checksums-Sha256: b6a153d29d36b9e1383bd99fd6439b1184571d6ad792911d862dc2393553d6a4 42171212 git-dbgsym_2.47.3-0+deb13u1_riscv64.deb 01ce9918e2ae11364ad427b7a77972f9f4e1277153f12585fd07f493a429c06b 9287 git_2.47.3-0+deb13u1_riscv64-buildd.buildinfo 736b903b7e0cb2dc16f001aaf2365b31ad1ba0eeadebdd4c685b37462dad620e 8306616 git_2.47.3-0+deb13u1_riscv64.deb Files: 849f2b37016215af7c33f3f0aa72ed56 42171212 debug optional git-dbgsym_2.47.3-0+deb13u1_riscv64.deb 0a71fe2740685c01d5e271bc4a72d6ca 9287 vcs optional git_2.47.3-0+deb13u1_riscv64-buildd.buildinfo d3f6cca659ddf6a25b787916c7318b8a 8306616 vcs optional git_2.47.3-0+deb13u1_riscv64.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEr1DoflQE5rwrZmkOdH2L+FrKb9gFAmio6NgACgkQdH2L+FrK b9jNZA/+O4TtF8exgLMWRbLPT14keDGqTrzzmUQMVgYU4HE3mqWeaK1bBR3vN/ty 8jEjW/Gk9uFjyOWP+VSi3FnsSfDvLWRLR4BHmbfvR3AXySy+Sjal0O+mFfjEJmsK ypbeqcPXieDFb3niidHsAMXPMK4c2V8wSbpkmHzeTSnIm+i3DRzZDc28eHEzya4u qyIv2P7ldBbp8EUaV7B1YJDMwk9t1HUWkpKUhaWgfiQ9GwHv2UcHkvI/8VDtFkTp UsM5hkYXXFI3biOZywEMJxCPjvsj2yWbLCkh9FUSR28w3FwBNIm0TcwNGngAxyja 4Kygi4626NufNSfZQsdIGiUOy/hJGfxFUuPNThWNXhGJnMjrpNwHVFZmoGBurpJ0 lroMtIhSFQoVXsh3qBa4F9lTjkuUck04GPGGLPr74frY72p+3y/guO8a3FHhnT8O Qu4pb6SM0FleXUBJwa3mlpsuHZDrQl0sE+5p9AGhgYq7QCDl6NAISucL/pf+BK/q uCRqzzwc8yznJN8IMEnXSrvYZh8LOS0OfBACaZrLtkQV8f/vLv+IREWPpBZ+kpsQ /StxGD1HkZ6F0vRlmuoW/xmWQxcIXXofqOoGNmiwqqypFOt3Pu9DQdTtKXQNWkhh XQZMriAQjK8gWPwSan7V+g5v3X+vJAbPqsERX6MXe5ni7iO/71M= =wsqF -----END PGP SIGNATURE-----