git 1:2.20.1-2ubuntu1.19.10.3 source package in Ubuntu
Changelog
git (1:2.20.1-2ubuntu1.19.10.3) eoan-security; urgency=medium
* SECURITY UPDATE: credential helper issue with missing host or scheme
- debian/patches/CVE-2020-11008-1.patch: make "quit" helper more
realistic in t/t0300-credentials.sh.
- debian/patches/CVE-2020-11008-2.patch: use more realistic inputs in
t/t0300-credentials.sh.
- debian/patches/CVE-2020-11008-3.patch: parse URL without host as
empty host, not unset in credential.c, http.c,
t/t0300-credentials.sh.
- debian/patches/CVE-2020-11008-4.patch: refuse to operate when missing
host or protocol in credential.c, t/t0300-credentials.sh.
- debian/patches/CVE-2020-11008-5.patch: convert gitmodules url to URL
passed to curl in fsck.c, t/t7416-submodule-dash-url.sh.
- debian/patches/CVE-2020-11008-6.patch: die() when parsing invalid
urls in credential.c, t/t0300-credentials.sh.
- debian/patches/CVE-2020-11008-7.patch: treat URL without scheme as
invalid in credential.c, fsck.c, t/t5550-http-fetch-dumb.sh,
t/t7416-submodule-dash-url.sh.
- debian/patches/CVE-2020-11008-8.patch: treat URL with empty scheme as
invalid in credential.c, t/t5550-http-fetch-dumb.sh,
t/t7416-submodule-dash-url.sh.
- debian/patches/CVE-2020-11008-9.patch: reject URL with empty host in
.gitmodules in fsck.c, t/t7416-submodule-dash-url.sh.
- CVE-2020-11008
-- Marc Deslauriers <email address hidden> Mon, 20 Apr 2020 12:18:11 -0400
Upload details
- Uploaded by:
- Marc Deslauriers
- Uploaded to:
- Eoan
- Original maintainer:
- Ubuntu Developers
- Architectures:
- any all
- Section:
- vcs
- Urgency:
- Medium Urgency
See full publishing history Publishing
| Series | Published | Component | Section |
|---|
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| git_2.20.1.orig.tar.xz | 5.1 MiB | 9d2e91e2faa2ea61ba0a70201d023b36f54d846314591a002c610ea2ab81c3e9 |
| git_2.20.1-2ubuntu1.19.10.3.debian.tar.xz | 627.0 KiB | f5e0e0453205723b0cfa7751b10f3d368ced6cfc60db2d24c1a0f025e9559c59 |
| git_2.20.1-2ubuntu1.19.10.3.dsc | 2.9 KiB | 6f26214007543efbf4d7856bb9c8834e7a5f61132ca08542d3a42721be6a922b |
Available diffs
Binary packages built by this source
- git: No summary available for git in ubuntu eoan.
No description available for git in ubuntu eoan.
- git-all: No summary available for git-all in ubuntu eoan.
No description available for git-all in ubuntu eoan.
- git-cvs: No summary available for git-cvs in ubuntu eoan.
No description available for git-cvs in ubuntu eoan.
- git-daemon-run: No summary available for git-daemon-run in ubuntu eoan.
No description available for git-daemon-run in ubuntu eoan.
- git-daemon-sysvinit: No summary available for git-daemon-sysvinit in ubuntu eoan.
No description available for git-daemon-sysvinit in ubuntu eoan.
- git-dbgsym: No summary available for git-dbgsym in ubuntu eoan.
No description available for git-dbgsym in ubuntu eoan.
- git-doc: No summary available for git-doc in ubuntu eoan.
No description available for git-doc in ubuntu eoan.
- git-el: No summary available for git-el in ubuntu eoan.
No description available for git-el in ubuntu eoan.
- git-email: No summary available for git-email in ubuntu eoan.
No description available for git-email in ubuntu eoan.
- git-gui: No summary available for git-gui in ubuntu eoan.
No description available for git-gui in ubuntu eoan.
- git-man: No summary available for git-man in ubuntu eoan.
No description available for git-man in ubuntu eoan.
- git-mediawiki: No summary available for git-mediawiki in ubuntu eoan.
No description available for git-mediawiki in ubuntu eoan.
- git-svn: No summary available for git-svn in ubuntu eoan.
No description available for git-svn in ubuntu eoan.
- gitk: No summary available for gitk in ubuntu eoan.
No description available for gitk in ubuntu eoan.
- gitweb: No summary available for gitweb in ubuntu eoan.
No description available for gitweb in ubuntu eoan.
