Package: python-git | Debian Sources

Package: python-git / 3.1.30-1+deb12u2

Metadata

Package	Version	Patches format
python-git	3.1.30-1+deb12u2	3.0 (quilt)

Patch series

view the series file

Patch	File delta	Description
CVE 2023 40267.patch \| (download)	git/repo/base.py \| 2 2 + 0 - 0 ! test/test_repo.py \| 22 22 + 0 - 0 ! 2 files changed, 24 insertions(+)	[patch] block insecure non-multi options in clone/clone_from Follow-up to #1521
CVE 2023 41040.patch \| (download)	git/refs/symbolic.py \| 2 2 + 0 - 0 ! test/test_refs.py \| 15 15 + 0 - 0 ! 2 files changed, 17 insertions(+)	fix cve-2023-41040 This change adds a check during reference resolving to see if it contains an up-level reference ('..'). If it does, it raises an exception. This fixes CVE-2023-41040, which allows an attacker to access files outside the repository's directory.

Patch

File delta

Description

CVE 2023 40267.patch | (download)

git/repo/base.py | 2 2 + 0 - 0 !
test/test_repo.py | 22 22 + 0 - 0 !
2 files changed, 24 insertions(+)

 [patch] block insecure non-multi options in clone/clone_from
 Follow-up to #1521

CVE 2023 41040.patch | (download)

git/refs/symbolic.py | 2 2 + 0 - 0 !
test/test_refs.py | 15 15 + 0 - 0 !
2 files changed, 17 insertions(+)

 fix cve-2023-41040

This change adds a check during reference resolving to see if it
contains an up-level reference ('..'). If it does, it raises an
exception.

This fixes CVE-2023-41040, which allows an attacker to access files
outside the repository's directory.