-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 30 Jul 2025 21:10:52 +0300 Source: git Binary: git git-dbgsym Architecture: s390x Version: 1:2.47.3-0+deb13u1 Distribution: trixie Urgency: medium Maintainer: s390x Build Daemon (zani) Changed-By: Adrian Bunk Description: git - fast, scalable, distributed revision control system Closes: 1108983 Changes: git (1:2.47.3-0+deb13u1) trixie; urgency=medium . * Non-maintainer upload. * New upstream release. - CVE-2025-27613: gitk: file creation/truncation after cloning untrusted repository - CVE-2025-27614: gitk: user can be tricked into running any script after cloning untrusted repository - CVE-2025-46835: git-gui: file creation/overwriting after cloning untrusted repository - CVE-2025-48384: script execution after cloning untrusted repository - CVE-2025-48385: protocol injection when fetching - Closes: #1108983 Checksums-Sha1: cbecfdd6ab6efeae8812a958e865d62f0c192e35 45198424 git-dbgsym_2.47.3-0+deb13u1_s390x.deb 9d76eacada4742af712d5ea593626b30671ca5d7 9202 git_2.47.3-0+deb13u1_s390x-buildd.buildinfo 17dcc39d6ccdbea529b3e3e1354c542db70e8fa7 8537268 git_2.47.3-0+deb13u1_s390x.deb Checksums-Sha256: abf93f27dc29cd455e6217a14693a10eb123cc0e2b1c920c083366f084c9fbcc 45198424 git-dbgsym_2.47.3-0+deb13u1_s390x.deb 03a6dddce1039470b99ce8fb3a568dcaa9f52f23fa6952233cf3476dc8f6e771 9202 git_2.47.3-0+deb13u1_s390x-buildd.buildinfo 95ab279944d263aff75efb4d47e3e32e5e30182eae6c9713fbc8bc21d6d17d24 8537268 git_2.47.3-0+deb13u1_s390x.deb Files: 686eba951b20651f18831a47a24d1372 45198424 debug optional git-dbgsym_2.47.3-0+deb13u1_s390x.deb fba6f7694fc9a3ae84b9e2ce227ab064 9202 vcs optional git_2.47.3-0+deb13u1_s390x-buildd.buildinfo d6aaa95eb93185dba57fc0d0aeccb675 8537268 vcs optional git_2.47.3-0+deb13u1_s390x.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEgh4msZ+e2PZfd5KckaCrxAR3BY0FAmipFeoACgkQkaCrxAR3 BY1gnRAAsqSBfYiMIqDmMfyGxb215ZYqfUqd/6G90D8cGmF7GUBqZQxFf2JQvVjW afXXlE1qKGxiuJLZLqiSnyvKAxrk4KwjPag1m6Knmdgcmf05BvMjd3Gzh50TBr/I 0vWrmG/AtGgCBXhuNGFMuChJjO87OtT4Pp84qIkLabtQWGHeB9Yp3/CYC8O1dOmU +i3/ZsrSRVbi4MGjMGv1/KSslYHwbY2x7JMvz5ZFMxRztHU+tC+PUeeFny8E/3lF Eahdzin+zXwxCGePdGognSMzCUK3+R/8Mrrg2AGVMSTLo362BH1BJLWe1YwkAERK LXXhRMCQof/NqiaUxd0z+EGo6mFpW/DOkAvKBT9TUh8irNTFjV+50Z3ZY8MBJkKP ysbAeyzFXy13c4e+G0khqqqxkl8FxMidlnqsYeMkZwQj/VX87SXAxc+GWLjhfgXm Yqrvg1xH1Y/pRQauT/SBsmxoGCzpzEtPW9i60BJVvbIDfcJm2JOecTuuy+/lk0RD OGZFedeq+vIHUvWUFD7+EyDfex0EE/O/7/WMQYNxk7GSArGUHx+Kv5ZiluSCFx3V XoA57iraHxFd6DyvOIllVnLClCoDFTysL2m5UCMXYIpgfBztRIy/PH323mBIUxNC YmF/cTPVg1ls81WHTTiiXuLwz2Q33P5hXfd9PUdbLAH10meof3s= =CG2A -----END PGP SIGNATURE-----