New Debian git 1:2.39.5-0+deb12u2 fixes:
This update addresses the following issues:
* git: Git does not sanitize URLs when asking for credentials interactively (CVE-2024-50349)
* git: Newline confusion in credential helpers can lead to credential exfiltration in git (CVE-2024-52006)
--- mirror/ftp/pool/main/g/git/git_2.39.5-0+deb12u1.dsc +++ apt/ucs_5.2-0-errata5.2-0/source/git_2.39.5-0+deb12u2.dsc @@ -1,3 +1,11 @@ +1:2.39.5-0+deb12u2 [Sat, 11 Jan 2025 20:46:03 +0100] Salvatore Bonaccorso <carnil@debian.org>: + + * Non-maintainer upload by the Security Team. + * credential_format(): also encode <host>[:<port>] + * credential: sanitize the user prompt (CVE-2024-50349) + * credential: disallow Carriage Returns in the protocol by default + (CVE-2024-52006) + 1:2.39.5-0+deb12u1 [Sun, 16 Jun 2024 17:37:10 +0000] Jonathan Nieder <jrnieder@gmail.com>: * new upstream point release (see RelNotes/2.39.3.txt, <http://piuparts.knut.univention.de/5.2-0/#7939260650419973799>
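Review bot: In the new 1:2.39.5-0+deb12u2 changelog entry, the line "credential: disallow Carriage Returns in the protocol by default" implies the check can be switched off, but the entry does not name the setting that does so. The erratum text should mention it so administrators can confirm it has not been relaxed on their hosts. The first item, "credential_format(): also encode <host>[:<port>]", also carries no CVE reference while the other two do; if it is part of the CVE-2024-50349 fix, the entry should say so.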
OK: bug
OK: yaml
OK: announce_errata
OK: patch
~OK: piuparts postrm fail due to folder doesn't exist

[5.2-0] da41c73aba Bug #57911: git 1:2.39.5-0+deb12u2
 doc/errata/staging/git.yaml | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
<https://errata.software-univention.de/#/?erratum=5.2x1>