-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ----------------------------------------------------------------------- Debian LTS Advisory DLA-3303-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta January 31, 2023 https://wiki.debian.org/LTS - -----------------------------------------------------------------------
Package : ruby-git Version : 1.2.8-1+deb10u1 CVE ID : CVE-2022-25648 CVE-2022-46648 CVE-2022-47318 Debian Bug : 1009926 A couple of vulnerabilities were reported against ruby-git, a Ruby interface to the Git revision control system, that could lead to a command injection and execution of an arbitrary ruby code by having a user to load a repository containing a specially crafted filename to the product. For Debian 10 buster, these problems have been fixed in version 1.2.8-1+deb10u1. We recommend that you upgrade your ruby-git packages. For the detailed security status of ruby-git please refer to its security tracker page at: https://security-tracker.debian.org/tracker/ruby-git Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEbJ0QSEqa5Mw4X3xxgj6WdgbDS5YFAmPYRZwACgkQgj6WdgbD S5YUGQ/+PkeeE9jqGgMdiea0rNSXXF0HMdu8hEjqCPNlB9x3imjf7YStlGfdZ48c aYFLfAh8LiQXuKnfs8ZLhQgsCfMj7DHoZ8HLvQW4Oe6HSeQ5IoTfu8nBI65umQ1p eoNszLVUNwOIzF+Un1flanGxwV5FlS+U1/lS+RLfJBV3RAHy7UPwWrdXd4d/jEw3 hlDTn7FZcdWADVvVDqXfsWjQBNUpULW8tSWw4mk7FxjUfnffxgGPN6hjZEn8wFpO q1j+90ndPi/dDu5zRPP7gFYhGj328/+DvQZyJDTaPemHoGTzQuEBJJN/wv0BOd5R pQYCp7WMoQC3AQLdx7QmGT1Y1opfR0QHZs+yhNgCrkSsrYWuY+RQNhpgWpbC5QRc Kc1E/02UOhvY5864xL8njjS78udrw7XL++XAn9zgA/ftWLl0k9iprG3yEZL05CKC tsLEiPfWdpS29Ffz0rYea2K1LOBEysKnYQxkfASai1USIGBdjckVrdkSatnpz3Hc +kzMjc09d8DHqKu38NRlRBn9epX8oIMja1UO0n95Bgh5J30+X7FD22W8O+b1b3oa g5X/W63H7PHyL33QWpAKoMY7nQzM25CS8/Iipkn+Pp5CN3Cdir4zbNnDgV2SYPkr nX1GOqTcwvjtw9PEcGKLxz4dsPQ7QErY9mww3r5q85RGpciLqko= =DgpZ -----END PGP SIGNATURE-----
