[ubuntu/plucky-updates] git 1:2.48.1-0ubuntu1.1 (Accepted)
Ubuntu Archive Robot
ubuntu-archive-robot at lists.canonical.com
Tue Jul 8 17:58:51 UTC 2025
git (1:2.48.1-0ubuntu1.1) plucky-security; urgency=medium

  * SECURITY UPDATE: Code execution and file manipulation when cloning
    malicious repositories.
    - debian/patches/CVE-2025-27613.patch: Add argument sanitizing and replace
      command instances with safe versions in gitk-git/gitk.
    - debian/patches/CVE-2025-27614.patch: Remove escape_filter_paths and wrap
      concat instances with list in gitk-git/gitk.
    - CVE-2025-27613
    - CVE-2025-27614
  * SECURITY UPDATE: File overwrite when editing a file in a malicious
    directory in an untrusted repository.
    - debian/patches/CVE-2025-46835-pre1.patch: Remove Windows-specific code
      in git-gui/git-gui.sh.
    - debian/patches/CVE-2025-46835.patch: Add argument sanitizing, replace
      command instances with safe versions, and wrap instances with list in
      git-gui/git-gui.sh and other files in git-gui directory.
    - CVE-2025-46835
  * SECURITY UPDATE: Unintentional script execution due to improperly stripped
    carriage return.
    - debian/patches/CVE-2025-48384.patch: Add carriage return checks in
      config.c.
    - CVE-2025-48384
  * SECURITY UPDATE: Protocol injection potentially leading to arbitrary code
    execution.
    - debian/patches/CVE-2025-48385.patch: Add URI and filename checks in
      bundle-uri.c.
    - CVE-2025-48385
  * SECURITY UPDATE: Buffer overflow.
    - debian/patches/CVE-2025-48386.patch: Add target_append function and
      change wcsncat calls to target_append in
      contrib/credential/wincred/git-credential-wincred.c.
    - CVE-2025-48386
Date: 2025-07-02 20:12:11.733138+00:00
Changed-By: Hlib Korzhynskyy <hlib.korzhynskyy at canonical.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/git/1:2.48.1-0ubuntu1.1