it-securitynotifies AT lists.piratenpartei.de
Betreff: Sicherheitsankündigungen
Listenarchiv
- From: Aron Xu <aron AT debian.org>
- To: debian-security-announce AT lists.debian.org
- Subject: [IT-SecNots] [SECURITY] [DSA 5332-1] git security update
- Date: Sun, 29 Jan 2023 16:59:53 +0000
- Authentication-results: mail.piratenpartei.de; dkim=none; spf=none (mail.piratenpartei.de: domain of "bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org" has no SPF policy when checking 2001:41b8:202:deb:216:36ff:fe40:4002) smtp.mailfrom="bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org"; dmarc=none
- List-archive: https://lists.debian.org/msgid-search/E1pMB21-001zov-7v AT seger.debian.org
- List-id: <debian-security-announce.lists.debian.org>
- List-url: <http://lists.debian.org/debian-security-announce/>
- Old-dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org; s=smtpauto.seger; h=Date:Message-Id:Subject:To:From:Reply-To:Cc:MIME-Version: Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description: In-Reply-To:References; bh=o5eYNzpqj4+QZTKV3CxY5YIzWO+i68MdxFKdz09+fYc=; b=c1 63R3nLCPK6SEo21ufF/qIio69WJOJEHp1Qdls4k3AMqMeNgyPoowqVropZMH9Ja/qLBv0wvmISbN/ URRWLfoZyXHqSjK2pOYHa6NaYTqdh6cUiFWm6aZp4hwL4cO9P3DhjRBFReT8Mf39KBeABxXsash4I BUu1FRnsZ2fV6+g0Px3KITIy78Kijh1PzmovRyY4UQNydEDYrHr8pzm/SSKSaj/64I/EWiuJRJvEC Pjh4ZKh//722IYNg2g6nTuwRRIIcyIFWjUIL9MCeQraki1Itmwfz5tQj2UxRFiPBDu33sQTJUTrBy i7P62+yqcjAMGb3hsxNfdu7k9wMoxrJw==;
- Old-return-path: <aron AT seger.debian.org>
- Priority: urgent
- Resent-date: Sun, 29 Jan 2023 17:00:16 +0000 (UTC)
- Resent-from: debian-security-announce AT lists.debian.org
- Resent-message-id: <tbMzFPFKi5D.A.k1G.gYq1jB@bendel>
- Resent-sender: debian-security-announce-request AT lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
- -------------------------------------------------------------------------
Debian Security Advisory DSA-5332-1 security AT debian.org
https://www.debian.org/security/ Aron Xu
January 29, 2023 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : git
CVE ID : CVE-2022-23521 CVE-2022-24765 CVE-2022-29187 CVE-2022-39253
CVE-2022-39260 CVE-2022-41903
Debian Bug : 1014848 1022046 1029114
Multiple issues were found in Git, a distributed revision control system.
An attacker may trigger remote code execution, cause local users into
executing arbitrary commands, leak information from the local filesystem,
and bypass restricted shell.
This update includes two changes of behavior that may affect certain setup:
- It stops when directory traversal changes ownership from the current
user while looking for a top-level git directory, a user could make an
exception by using the new safe.directory configuration.
- The default of protocol.file.allow has been changed from "always" to
"user".
For the stable distribution (bullseye), these problems have been fixed in
version 1:2.30.2-1+deb11u1.
We recommend that you upgrade your git packages.
For the detailed security status of git please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/git
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----
iQEzBAEBCAAdFiEEhhz+aYQl/Bp4OTA7O1LKKgqv2VQFAmPWoBQACgkQO1LKKgqv
2VQ9Ugf/amidAHmXSaPDpk9Hs52ttiUPJ6uMJRYyJI/KQ3o5eoQfdzYmVT9ACsuK
XxT7Xd5JqkHZMJyABeqm42JJgOiyV5GUx2ZrsQ3M5UE2HD2keWxaJmrkj6VlzkFs
qHOynAgprllBmw3RfHkyjybQEG4dtmiLk5+gJZK0MYxAaKzyeNi7dnLEllYOf+Xi
dn3aSk8edTVqT80jdMIfBeOn1f/Zb+9kSHyVOezku1NfYES1dnA7RaOAkKmw/JkR
HYnuxpdAfkb2K1z6LmDkLWpTQU7CbOPcPpWBWgkuD6tQmKjppx5MYuDZ+hW0y6aV
EI1gHfi7qbZ3+b+nxEa9CTvap0d8QA==
=Vh4D
-----END PGP SIGNATURE-----
- [IT-SecNots] [SECURITY] [DSA 5332-1] git security update, Aron Xu, 29.01.2023
Archiv bereitgestellt durch MHonArc 2.6.24.