Changelog
git (1:2.38.1-1) unstable; urgency=medium
* new upstream release (closes: #1022046; see RelNotes/2.38.0.txt,
RelNotes/2.38.1.txt).
* Addresses the security issue CVE-2022-39253: cloning an
attacker-controlled local repository could store arbitrary files
in the ".git" directory of the destination repository.
Thanks to Cory Snider of Mirantis for reporting this
vulnerability and Taylor Blau for the mitigation.
* Addresses CVE-2022-39260: a long command string passed to a `git
shell` configured to support custom commands could overflow and
run arbitrary code.
Thanks to Kevin Backhouse of GitHub for reporting this
vulnerability and Kevin Backhouse, Jeff King, and Taylor Blau
for mitigating it.
-- Jonathan Nieder <email address hidden> Mon, 31 Oct 2022 18:32:00 -0700