ELA-1565-1 git security update
Package : git
Version : 1:2.11.0-3+deb9u13 (stretch), 1:2.20.1-2+deb10u11 (buster)
Related CVEs :
CVE-2025-27613
CVE-2025-46835
CVE-2025-48384
Multiple vulnerabilities have been discovered in git, the distributed revision
control system.
CVE-2025-27613
Gitk is a Tcl/Tk based Git history browser. Starting with 1.7.0, when
a user clones an untrusted repository and runs gitk without additional
command arguments, files for which the user has write permission can be
created and truncated.
CVE-2025-46835
Git GUI allows you to use the Git source control management tools via a GUI.
When a user clones an untrusted repository and is tricked into editing a
file located in a maliciously named directory in the repository, then Git
GUI can create and overwrite files for which the user has write permission.
CVE-2025-48384
When reading a config value, Git strips any trailing carriage return and line
feed (CRLF). When writing a config entry, values with a trailing CR are not
quoted, causing the CR to be lost when the config is later read. When
initializing a submodule, if the submodule path contains a trailing CR, the
altered path is read resulting in the submodule being checked out to an
incorrect location. If a symlink exists that points the altered path to the
submodule hooks directory, and the submodule contains an executable
post-checkout hook, the script may be unintentionally executed after checkout.
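
As an added example (not part of the advisory or of Git itself), the following check reviews a repository's .gitmodules before submodules are initialized and reports any value that carries a raw control byte, which covers the trailing-CR path described for CVE-2025-48384 and is deliberately broader than that one case. The function name and the sample data are constructed for illustration; an ordinary CRLF line ending is not reported.

```python
import re

# Matches a "key = value" line inside a .gitmodules section.
_KV = re.compile(rb"^\s*([A-Za-z][A-Za-z0-9-]*)\s*=\s*(.*)$")


def find_control_chars(gitmodules: bytes):
    """Return (line_no, key, raw_value) for values holding control bytes."""
    findings = []
    for line_no, line in enumerate(gitmodules.split(b"\n"), start=1):
        # A single CR directly before LF is an ordinary CRLF line ending.
        if line.endswith(b"\r"):
            line = line[:-1]
        match = _KV.match(line)
        if not match:
            continue  # section header, comment or blank line
        key = match.group(1).decode("ascii").lower()
        value = match.group(2)
        # Tab is legal whitespace; any other byte below 0x20, or DEL,
        # has no business in a submodule path or URL.
        if any((b < 0x20 and b != 0x09) or b == 0x7F for b in value):
            findings.append((line_no, key, value))
    return findings


# Constructed sample: the first submodule uses CRLF line endings (benign),
# the second has a CR inside its quoted path value (reported).
SAMPLE = (
    b'[submodule "docs"]\r\n'
    b'\tpath = docs\r\n'
    b'\turl = https://example.invalid/docs.git\r\n'
    b'[submodule "lib"]\n'
    b'\tpath = "lib\r"\n'
    b'\turl = https://example.invalid/lib.git\n'
)

if __name__ == "__main__":
    for line_no, key, value in find_control_chars(SAMPLE):
        print(f".gitmodules:{line_no}: control byte in {key}: {value!r}")
```

A finding here is a reason to inspect the repository before running any submodule initialization; the fix itself is the package version listed above.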