UbuntuUpdates.org

Package "git"

Name: git

Description:

This package is just an umbrella for a group of other packages; it has no description.
Description samples from packages in group:

  • fast, scalable, distributed revision control system (all subpackages)
  • fast, scalable, distributed revision control system (cvs interoperability)
  • fast, scalable, distributed revision control system (git-daemon service)
  • fast, scalable, distributed revision control system (git-daemon service)

Latest version: 1:2.25.1-1ubuntu3.11
Release: focal (20.04)
Level: updates
Repository: universe

Other versions of "git" in Focal

Repository  Area      Version
base        main      1:2.25.1-1ubuntu3
base        universe  1:2.25.1-1ubuntu3
security    main      1:2.25.1-1ubuntu3.11
security    universe  1:2.25.1-1ubuntu3.11
updates     main      1:2.25.1-1ubuntu3.11

Changelog

Version: 1:2.25.1-1ubuntu3.5 2022-07-13 13:07:26 UTC

  git (1:2.25.1-1ubuntu3.5) focal-security; urgency=medium

  * SECURITY UPDATE: Potential arbitrary code execution
    - debian/patches/CVE-2022-29187-1.patch: adds test to
      regression git needs safe.directory when using sudo in
      t/t0034-root-safe-directory.sh.
    - debian/patches/CVE-2022-29187-2.patch: avoid failing dir ownership
      checks if running privileged in git-compat-util.h,
      t/t0034-root-safe-directory.sh.
    - debian/patches/CVE-2022-29187-3.patch: add negative tests
      and allow git init to mostly work under sudo in
      t/lib-sudo.sh b/t/lib-sudo.sh.
    - debian/patches/CVE-2022-29187-4.patch: allow root
      to access both SUDO_UID and root owned in git-compat-util.h,
      t/t0034-root-safe-directory.sh.
    - debian/patches/CVE-2022-29187-5.patch: add tests for safe.directory
      in t/t0033-safe-directory.sh, setup.c.
    - debian/patches/CVE-2022-29187-6.patch: tighten ownership checks
      post CVE-2022-24765 in setup.c.
    - CVE-2022-29187

 -- Leonidas Da Silva Barbosa <email address hidden> Tue, 05 Jul 2022 12:13:30 -0300

CVE-2022-29187 Git is a distributed revision control system. Git prior to versions 2. ...
CVE-2022-24765 Git for Windows is a fork of Git containing Windows-specific patches. ...

Version: 1:2.25.1-1ubuntu3.4 2022-04-26 16:06:29 UTC

  git (1:2.25.1-1ubuntu3.4) focal-security; urgency=medium

  * SECURITY REGRESSION: Previous update was incomplete causing regressions
    and not correctly fixing the issue.
    - debian/patches/CVE-2022-24765-5.patch: fix safe.directory
      key not being checked in setup.c.
    - debian/patches/CVE-2022-24765-6.patch:
      opt-out of check with safe.directory=* in setup.c. (LP: #1970260)

 -- Leonidas Da Silva Barbosa <email address hidden> Mon, 25 Apr 2022 20:21:34 -0300

CVE-2022-24765 Git for Windows is a fork of Git containing Windows-specific patches. ...

Version: 1:2.25.1-1ubuntu3.3 2022-04-12 21:06:24 UTC

  git (1:2.25.1-1ubuntu3.3) focal-security; urgency=medium

  * SECURITY UPDATE: Run commands in diff users
    - debian/patches/CVE-2022-24765-*.patch: fix GIT_CEILING_DIRECTORIES; add
      an owner check for the top-level-directory; add a function to
      determine whether a path is owned by the current user in patch.c,
      t/t0060-path-utils.sh, setup.c, compat/mingw.c, compat/mingw.h,
      git-compat-util.h.
    - CVE-2022-24765

 -- Leonidas Da Silva Barbosa <email address hidden> Fri, 08 Apr 2022 09:57:16 -0300

CVE-2022-24765 Git for Windows is a fork of Git containing Windows-specific patches. ...

Version: 1:2.25.1-1ubuntu3.2 2021-09-13 10:06:44 UTC

  git (1:2.25.1-1ubuntu3.2) focal-security; urgency=medium

  * SECURITY UPDATE: cross-protocol request via newline character in repo path
    - debian/patches/CVE-2021-40330.patch: forbid newline in git:// hosts and
      repo paths
    - CVE-2021-40330

 -- Spyros Seimenis <email address hidden> Thu, 09 Sep 2021 14:42:33 +0300

CVE-2021-40330 git_connect_git in connect.c in Git before 2.30.1 allows a repository path to contain a newline character, which may result in unexpected cross-proto

Version: 1:2.25.1-1ubuntu3.1 2021-03-09 20:07:12 UTC

  git (1:2.25.1-1ubuntu3.1) focal-security; urgency=medium

  * SECURITY UPDATE: remote code exec during clone on case-insensitive FS
    - debian/patches/CVE-2021-21300.patch: fix bug that makes checkout
      follow symlinks in leading path in cache.h, compat/mingw.c,
      git-compat-util.h, run-command.c, symlinks.c, t/t0021-conversion.sh,
      t/t0021/rot13-filter.pl, t/t2006-checkout-index-basic.sh,
      unpack-trees.c.
    - CVE-2021-21300

 -- Marc Deslauriers <email address hidden> Thu, 04 Mar 2021 08:01:28 -0500

CVE-2021-21300 RESERVED


