[CLSA-2023:1681137249] Fix CVE(s): CVE-2022-39253
Type:
security
Severity:
Moderate
Release date:
2023-04-10 15:10:14 UTC
Description:
* SECURITY UPDATE: When cloning a repository with `--local`, Git relies on either making a hardlink or copy to every file in the "objects" directory of the source repository. As a result, malformed repository containing symbolic links pointing at the sensitive information on the victim's machine could be copied - debian/patches/CVE-2022-39253.patch: prevent copying symbolic links - debian/patches/tests-for-CVE-2022-39253.patch: tests - CVE-2022-39253
Updated packages:
  • git_2.7.4-0ubuntu1.10+tuxcare.els2_amd64.deb
    sha:66b9806704ec24b870309f16a5b3c281b0bf5927
  • git-all_2.7.4-0ubuntu1.10+tuxcare.els2_all.deb
    sha:8d81afdb9c87919ded9fc92e47974362d5346e0f
  • git-arch_2.7.4-0ubuntu1.10+tuxcare.els2_all.deb
    sha:0f8cd0500ce4b12dec9e946cdeb79ea2b4b889da
  • git-core_2.7.4-0ubuntu1.10+tuxcare.els2_all.deb
    sha:985d255142c3ac2bce40414aa0128a2872f19f01
  • git-cvs_2.7.4-0ubuntu1.10+tuxcare.els2_all.deb
    sha:339d807b3788838ec924b30d4827f69f5aad900a
  • git-daemon-run_2.7.4-0ubuntu1.10+tuxcare.els2_all.deb
    sha:95f6ba6767eca4018d5ce5ac5508c51e2d3eed4e
  • git-daemon-sysvinit_2.7.4-0ubuntu1.10+tuxcare.els2_all.deb
    sha:4b223f49a21a98827c0a7817f10c7299637581a6
  • git-doc_2.7.4-0ubuntu1.10+tuxcare.els2_all.deb
    sha:b6cc534acd1ed7f9d98d5c8aec93a591f29f7b34
  • git-el_2.7.4-0ubuntu1.10+tuxcare.els2_all.deb
    sha:0f34c7891ec698636d9527faaaeb4becd7d2d4ab
  • git-email_2.7.4-0ubuntu1.10+tuxcare.els2_all.deb
    sha:d2284b5aff701e9ed2e0fc4ffb055d5399637e1e
  • git-gui_2.7.4-0ubuntu1.10+tuxcare.els2_all.deb
    sha:adcbfb4f8742fc5445326f3ec8c2b679c8965747
  • git-man_2.7.4-0ubuntu1.10+tuxcare.els2_all.deb
    sha:6c48d2c2614f8098c6acec3f8cf3c80e6c5c83b5
  • git-mediawiki_2.7.4-0ubuntu1.10+tuxcare.els2_all.deb
    sha:e109f17790e86436606f3fd1bcfddb48d92c25c7
  • git-svn_2.7.4-0ubuntu1.10+tuxcare.els2_all.deb
    sha:c18c894f4f7bcc4c9ac235a11e26b30fbdbf5770
  • gitk_2.7.4-0ubuntu1.10+tuxcare.els2_all.deb
    sha:90e8f347cedc36408327810103a70a3348e313a0
  • gitweb_2.7.4-0ubuntu1.10+tuxcare.els2_all.deb
    sha:bead0272675de001aff71938db7a4ba399b8e75f
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.