- ------------------------------------------------------------------------- Debian Security Advisory DSA-5357-1 [email protected] https://www.debian.org/security/ Aron Xu February 23, 2023 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : git CVE ID : CVE-2023-22490 CVE-2023-23946 Debian Bug : 1031310 Brief introduction CVE-2023-22490 yvvdwf found a data exfiltration vulnerbility while performing local clone from malicious repository even using a non-local transport. CVE-2023-23946 Joern Schneeweisz found a path traversal vulnerbility in git-apply that a path outside the working tree can be overwritten as the acting user. For the stable distribution (bullseye), these problems have been fixed in version 1:2.30.2-1+deb11u2. We recommend that you upgrade your git packages. For the detailed security status of git please refer to its security tracker page at: https://security-tracker.debian.org/tracker/git Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: [email protected]