ELA-808-1 git security update

multiple vulnerabilities

2023-02-24
Package: git
Version: 1:2.1.4-2.1+deb8u13 (jessie), 1:2.11.0-3+deb9u10 (stretch)
Related CVEs: CVE-2023-22490, CVE-2023-23946


Several vulnerabilities have been discovered in git, a fast, scalable and distributed revision control system.

CVE-2023-22490

yvvdwf found a data exfiltration vulnerability that can be triggered
when performing a local clone from a malicious repository, even when
using a non-local transport.

CVE-2023-23946

Joern Schneeweisz found a path traversal vulnerability in git-apply
through which a path outside the working tree can be overwritten as
the acting user.


For Debian 8 jessie, these problems have been fixed in version 1:2.1.4-2.1+deb8u13.

For Debian 9 stretch, these problems have been fixed in version 1:2.11.0-3+deb9u10.

We recommend that you upgrade your git packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.