Debian 9821 Published by

A git security update has been released for Debian GNU/Linux 10 LTS to address several vulnerabilities.

DLA 3338-1: git security update

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3338-1 Emilio Pozuelo Monfort
February 23, 2023
- -------------------------------------------------------------------------

Package : git
Version : 1:2.20.1-2+deb10u8
CVE ID : CVE-2023-22490 CVE-2023-23946

Several vulnerabilities have been discovered in git, a fast, scalable
and distributed revision control system.


yvvdwf found a data exfiltration vulnerability while performing a local
clone from a malicious repository even using a non-local transport.


Joern Schneeweisz found a path traversal vulnerbility in git-apply
that a path outside the working tree can be overwritten as the acting

For Debian 10 buster, these problems have been fixed in version

We recommend that you upgrade your git packages.

For the detailed security status of git please refer to
its security tracker page at:

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: