[ubuntu/jammy-updates] git 1:2.34.1-1ubuntu1.13 (Accepted)
Ubuntu Archive Robot
ubuntu-archive-robot at lists.canonical.com
Tue Jul 8 17:58:49 UTC 2025
git (1:2.34.1-1ubuntu1.13) jammy-security; urgency=medium
* SECURITY UPDATE: Code execution and file manipulation when cloning
malicious repositories.
- debian/patches/CVE-2025-27613.patch: Add argument sanitizing and replace
command instances with safe versions in gitk-git/gitk.
- CVE-2025-27613
* SECURITY UPDATE: File overwrite when editing a file in a malicious
directory in an untrusted repository.
- debian/patches/CVE-2025-46835-pre1.patch: Remove windows specific code
in git-gui/git-gui.sh.
- debian/patches/CVE-2025-46835.patch: Add argument sanitizing, replace
command instances with safe versions, and wrap instances with list in
git-gui/git-gui.sh and other files in git-gui directory.
- CVE-2025-46835
* SECURITY UPDATE: Unintentional script execution due to improperly stripped
carriage return.
- debian/patches/CVE-2025-48384.patch: Add carriage return checks in
config.c.
- CVE-2025-48384
* SECURITY UPDATE: Buffer overflow.
- debian/patches/CVE-2025-48386.patch: Add target_append function and
change wcsncat calls to target_append in
contrib/credential/wincred/git-credential-wincred.c.
- CVE-2025-48386
Date: 2025-07-03 18:32:12.668791+00:00
Changed-By: Hlib Korzhynskyy <hlib.korzhynskyy at canonical.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/git/1:2.34.1-1ubuntu1.13
-------------- next part --------------
Sorry, changesfile not available.
More information about the jammy-changes
mailing list