Debian 10260 Published by

A git security update has been released for Debian GNU/Linux 8 and 9 Extended LTS to address several vulnerabilities.



ELA-808-1 git security update

Package : git
Version : 1:2.1.4-2.1+deb8u13 (jessie), 1:2.11.0-3+deb9u10 (stretch)

Related CVEs :
CVE-2023-22490
CVE-2023-23946

Several vulnerabilities have been discovered in git, a fast, scalable and distributed revision control system.

CVE-2023-22490
yvvdwf found a data exfiltration vulnerability while performing a local clone from a malicious repository even using a non-local transport.

CVE-2023-23946
Joern Schneeweisz found a path traversal vulnerbility in git-apply that a path outside the working tree can be overwritten as the acting user.

  ELA-808-1 git security update