Package: python-git / 3.1.30-1+deb12u2
Metadata
Package | Version | Patches format |
---|---|---|
python-git | 3.1.30-1+deb12u2 | 3.0 (quilt) |
Patch series
view the series filePatch | File delta | Description |
---|---|---|
CVE 2023 40267.patch | (download) |
git/repo/base.py |
2 2 + 0 - 0 ! |
[patch] block insecure non-multi options in clone/clone_from Follow-up to #1521 |
CVE 2023 41040.patch | (download) |
git/refs/symbolic.py |
2 2 + 0 - 0 ! |
fix cve-2023-41040 This change adds a check during reference resolving to see if it contains an up-level reference ('..'). If it does, it raises an exception. This fixes CVE-2023-41040, which allows an attacker to access files outside the repository's directory. |
1