Package: git
Version: 1:2.39.5-0+deb12u1
Severity: important
X-Debbugs-Cc: [email protected]

Hi!

The last upgrade break common usage of git-backend-server,
probably the 'fix' for CVE-2024-32465.

git clone https://.... does not work anymore
>From my apache log:

[Sun Sep 15 13:25:25.468431 2024] [core:notice] [pid 1874118:tid 1874118] 
AH00094: Command line: '/usr/sbin/apache2'
fatal: detected dubious ownership in repository at 
'/home/www/git/unimodular.git'
To add an exception for this directory, call:

        git config --global --add safe.directory /home/www/git/unimodular.git

Obviously the git repository is not owned by www-data.

At minimum, the debian/changelog should include a mention of the issue and a
work-around.

Cheers,
-- 
Bill. <[email protected]>

Imagine a large red swirl here. 

Reply via email to