-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 30 Jul 2025 21:10:52 +0300
Source: git
Architecture: source
Version: 1:2.47.3-0+deb13u1
Distribution: trixie
Urgency: medium
Maintainer: Jonathan Nieder <jrnieder@gmail.com>
Changed-By: Adrian Bunk <bunk@debian.org>
Closes: 1108983
Changes:
 git (1:2.47.3-0+deb13u1) trixie; urgency=medium
 .
   * Non-maintainer upload.
   * New upstream release.
     - CVE-2025-27613: gitk: file creation/truncation after cloning
       untrusted repository
     - CVE-2025-27614: gitk: user can be tricked into running any
       script after cloning untrusted repository
     - CVE-2025-46835: git-gui: file creation/overwriting after
       cloning untrusted repository
     - CVE-2025-48384: script execution after cloning untrusted
       repository
     - CVE-2025-48385: protocol injection when fetching
     - Closes: #1108983
Checksums-Sha1:
 ee3209ec18d30a2cd71330998debf84c51431edc 2702 git_2.47.3-0+deb13u1.dsc
 408774745b5dadeddcf1e7223201927123e504ea 7657416 git_2.47.3.orig.tar.xz
 7242067a7c86f70fbd239d3d479a855b0ce320b9 793112 git_2.47.3-0+deb13u1.debian.tar.xz
Checksums-Sha256:
 41ee783af84774dfab31ff6af54a07f70513dd09914e2d622626f4dfecae0a86 2702 git_2.47.3-0+deb13u1.dsc
 9c2eb1250781b3e5bfef098572d07fdf132d67e6c065e4307332ade9819a1501 7657416 git_2.47.3.orig.tar.xz
 db44b90ab928d41959f5945a49fcaa101385a4bd085b118b5fd40162a0a84066 793112 git_2.47.3-0+deb13u1.debian.tar.xz
Files:
 14b7604dd821e2f027cf46b336f9413b 2702 vcs optional git_2.47.3-0+deb13u1.dsc
 467860ca61d8840cda3fb10db687f771 7657416 vcs optional git_2.47.3.orig.tar.xz
 f42dbbc65c6800848bb2aa481e3fd8e4 793112 vcs optional git_2.47.3-0+deb13u1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmioOagACgkQiNJCh6LY
mLEntA/6A83dw3PrPSwn8BF8B+q/GVsTvYNRU5YfKiYTMdKp+8K3DP8BL15xxRqf
jU4EiOfZ29RixiBdwc868qw5xaJEZePmEYTC2oOaAygdzOnyfC9L9yAfHattD8XS
COTZs8+12CIYBuvGBMxdudHaMKypk6MRz++zg4Cd7qiP8/w/GflxfXp/vYVZnJF1
8E+iPmB/XlwXQkE5wNVbNSEJ9NpWxf1CAKXDe4sALS7kNRwj3Zfqdh6lZXfqspFe
xxYjlV2yzzdipohygkyQeBHaT9uT7dIU5UJ6g28gSODy9dZNsWrjAPsFJ9uIicix
AtXo1RSHdj1Nax1LU953J6NNUXImpTj8IbTgwaIGeyQo8bi82Lo0vQdX9/pnqIaS
bx7lI9cuTtgNaLFN3lAJVfzXLDP+ssr0Op5AL3soWxENLi3jNawctig2rE8Ned3Q
7OVz6u3Jv0G44Wfqoa7V+lzcpP0hkYtI4P8OEAB6zoPUrx2maKubSe1k+O+/Uwp3
OMbktEeVXE4aIXTPrW0CLVxXqty/A5jF9YXr4vq8Fj3Rg/7NoOnHfvZkwmci/Mm+
ubnFGHr+c9vY3ON+ias6hdTLj14MwALJ0hTDCdHdmcTuHOekNuMuK/ciWNcYRFve
a2FAhKGtWin0tHFgVfy4vZK3fhkjk+Xii8iQ9Z76JCI6SK+Xr54=
=0ZPE
-----END PGP SIGNATURE-----