Debian package news for python-git

Does not build reproducibly during testing

Sun, 24 May 2026 21:02:27 +0000

A package building reproducibly enables third parties to verify that the source matches the distributed binaries. It has been identified that this source package produced different results, failed to build or had other issues in a test environment. Please read about how to improve the situation!

python-git 3.1.50-1 MIGRATED to testing

Mon, 18 May 2026 04:42:48 +0000

From: [email protected]" target="_blank">Debian testing watch <[email protected]>
Subject: python-git 3.1.50-1 MIGRATED to testing
To: [email protected]" target="_blank"> <[email protected]>
Date: Mon, 18 May 2026 04:39:14 +0000

FYI: The status of the python-git source package
in Debian's testing distribution has changed.

  Previous version: 3.1.46-1
  Current version:  3.1.50-1

-- 
This email is automatically generated once a day.  As the installation of
new packages into testing happens multiple times a day you will receive
later changes on the next day.
See https://release.debian.org/testing-watch/ for more information.

4 security issues in trixie

Mon, 18 May 2026 01:00:08 +0000

There are 4 open security issues in trixie.

4 important issues:

CVE-2026-42215: GitPython is a python library used to interact with Git repositories. From version 3.1.30 to before version 3.1.47, GitPython blocks dangerous Git options such as --upload-pack and --receive-pack by default, but the equivalent Python kwargs upload_pack and receive_pack bypass that check. If an application passes attacker-controlled kwargs into Repo.clone_from(), Remote.fetch(), Remote.pull(), or Remote.push(), this leads to arbitrary command execution even when allow_unsafe_options is left at its default value of False. This issue has been patched in version 3.1.47.
CVE-2026-42284: GitPython is a python library used to interact with Git repositories. Prior to version 3.1.47, _clone() validates multi_options as the original list, then executes shlex.split(" ".join(multi_options)). A string like "--branch main --config core.hooksPath=/x" passes validation (starts with --branch), but after split becomes ["--branch", "main", "--config", "core.hooksPath=/x"]. Git applies the config and executes attacker hooks during clone. This issue has been patched in version 3.1.47.
CVE-2026-44243: GitPython is a python library used to interact with Git repositories. Prior to version 3.1.48, a vulnerability in GitPython allows attackers who can supply a crafted reference path to an application using GitPython to write, overwrite, move, or delete files outside the repository’s .git directory via insufficient validation of reference paths in reference creation, rename, and delete operations. This issue has been patched in version 3.1.48.
CVE-2026-44244: GitPython is a python library used to interact with Git repositories. Prior to version 3.1.49, GitConfigParser.set_value() passes values to Python's configparser without validating for newlines. GitPython's own _write() converts embedded newlines into indented continuation lines (e.g. \n becomes \n\t), but Git still accepts an indented [core] stanza as a section header — so the injected core.hooksPath becomes effective configuration. Any Git operation that invokes hooks (commit, merge, checkout) will then execute scripts from the attacker-controlled path. This issue has been patched in version 3.1.49.

4 security issues in bullseye

Mon, 18 May 2026 01:00:08 +0000

There are 4 open security issues in bullseye.

4 important issues:

CVE-2026-42215: GitPython is a python library used to interact with Git repositories. From version 3.1.30 to before version 3.1.47, GitPython blocks dangerous Git options such as --upload-pack and --receive-pack by default, but the equivalent Python kwargs upload_pack and receive_pack bypass that check. If an application passes attacker-controlled kwargs into Repo.clone_from(), Remote.fetch(), Remote.pull(), or Remote.push(), this leads to arbitrary command execution even when allow_unsafe_options is left at its default value of False. This issue has been patched in version 3.1.47.
CVE-2026-42284: GitPython is a python library used to interact with Git repositories. Prior to version 3.1.47, _clone() validates multi_options as the original list, then executes shlex.split(" ".join(multi_options)). A string like "--branch main --config core.hooksPath=/x" passes validation (starts with --branch), but after split becomes ["--branch", "main", "--config", "core.hooksPath=/x"]. Git applies the config and executes attacker hooks during clone. This issue has been patched in version 3.1.47.
CVE-2026-44243: GitPython is a python library used to interact with Git repositories. Prior to version 3.1.48, a vulnerability in GitPython allows attackers who can supply a crafted reference path to an application using GitPython to write, overwrite, move, or delete files outside the repository’s .git directory via insufficient validation of reference paths in reference creation, rename, and delete operations. This issue has been patched in version 3.1.48.
CVE-2026-44244: GitPython is a python library used to interact with Git repositories. Prior to version 3.1.49, GitConfigParser.set_value() passes values to Python's configparser without validating for newlines. GitPython's own _write() converts embedded newlines into indented continuation lines (e.g. \n becomes \n\t), but Git still accepts an indented [core] stanza as a section header — so the injected core.hooksPath becomes effective configuration. Any Git operation that invokes hooks (commit, merge, checkout) will then execute scripts from the attacker-controlled path. This issue has been patched in version 3.1.49.

4 security issues in bookworm

Mon, 18 May 2026 01:00:08 +0000

There are 4 open security issues in bookworm.

4 important issues:

CVE-2026-42215: GitPython is a python library used to interact with Git repositories. From version 3.1.30 to before version 3.1.47, GitPython blocks dangerous Git options such as --upload-pack and --receive-pack by default, but the equivalent Python kwargs upload_pack and receive_pack bypass that check. If an application passes attacker-controlled kwargs into Repo.clone_from(), Remote.fetch(), Remote.pull(), or Remote.push(), this leads to arbitrary command execution even when allow_unsafe_options is left at its default value of False. This issue has been patched in version 3.1.47.
CVE-2026-42284: GitPython is a python library used to interact with Git repositories. Prior to version 3.1.47, _clone() validates multi_options as the original list, then executes shlex.split(" ".join(multi_options)). A string like "--branch main --config core.hooksPath=/x" passes validation (starts with --branch), but after split becomes ["--branch", "main", "--config", "core.hooksPath=/x"]. Git applies the config and executes attacker hooks during clone. This issue has been patched in version 3.1.47.
CVE-2026-44243: GitPython is a python library used to interact with Git repositories. Prior to version 3.1.48, a vulnerability in GitPython allows attackers who can supply a crafted reference path to an application using GitPython to write, overwrite, move, or delete files outside the repository’s .git directory via insufficient validation of reference paths in reference creation, rename, and delete operations. This issue has been patched in version 3.1.48.
CVE-2026-44244: GitPython is a python library used to interact with Git repositories. Prior to version 3.1.49, GitConfigParser.set_value() passes values to Python's configparser without validating for newlines. GitPython's own _write() converts embedded newlines into indented continuation lines (e.g. \n becomes \n\t), but Git still accepts an indented [core] stanza as a section header — so the injected core.hooksPath becomes effective configuration. Any Git operation that invokes hooks (commit, merge, checkout) will then execute scripts from the attacker-controlled path. This issue has been patched in version 3.1.49.

lintian reports 2 warnings

Wed, 06 May 2026 18:31:20 +0000

Lintian reports 2 warnings about this package. You should make the package lintian clean getting rid of them.

Standards version of the package is outdated.

Wed, 06 May 2026 12:16:39 +0000

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.7.4 instead of 4.7.3).

Accepted python-git 3.1.50-1 (source) into unstable

Wed, 06 May 2026 07:33:44 +0000

From: [email protected]" target="_blank">Debian FTP Masters <[email protected]>
To: [email protected]" target="_blank"> <[email protected]>
Subject: Accepted python-git 3.1.50-1 (source) into unstable
Date: Wed, 06 May 2026 07:33:40 +0000
Signed by: [email protected]" target="_blank">Hans-Christoph Steiner <[email protected]>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 06 May 2026 08:57:10 +0200
Source: python-git
Architecture: source
Version: 3.1.50-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Python Team <[email protected]>
Changed-By: Hans-Christoph Steiner <[email protected]>
Changes:
 python-git (3.1.50-1) unstable; urgency=medium
 .
   * New upstream version 3.1.50
Checksums-Sha1:
 92717deea8b895432ca585727ebff8ca7a2f4503 2418 python-git_3.1.50-1.dsc
 bd09c7adc49aca08b3cbfe92eb098685bb58748d 560633 python-git_3.1.50.orig.tar.gz
 0aade3030d248c27b8df786e1ceae84f1e17b757 7172 python-git_3.1.50-1.debian.tar.xz
 ba5cd947daaed5eb3f6941115f999f7884a6164c 8983 python-git_3.1.50-1_source.buildinfo
Checksums-Sha256:
 92aa3d0af256260f999c55d12690f41d5ea082a821e1027b65529a4cfc3cd284 2418 python-git_3.1.50-1.dsc
 3daa69879e908aeb102de2b58ca4e07ba9cc3fd001f9c3d9b8bcf628fb4acb30 560633 python-git_3.1.50.orig.tar.gz
 77c6ca9a304a1aeb3ebe78a1edab25b7eacb70c9d8c47f1a4744b1cffa53aacf 7172 python-git_3.1.50-1.debian.tar.xz
 0a7aeb3f5a7d14dd4c1b7739cc2c6f86d357269632595d34178ab25ce50932c8 8983 python-git_3.1.50-1_source.buildinfo
Files:
 afdd014192712851aac6dd691c7d048e 2418 python optional python-git_3.1.50-1.dsc
 d7a0a3635935c80ba0cf01ba82903d51 560633 python optional python-git_3.1.50.orig.tar.gz
 92029abe29d44df4af0f18157585f02c 7172 python optional python-git_3.1.50-1.debian.tar.xz
 08dffd4c06712d71cb60a55d1137c880 8983 python optional python-git_3.1.50-1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCgAdFiEElyI52+aGmfUmwGoFPhd4F7obm/oFAmn66xkACgkQPhd4F7ob
m/rvCgf+NRY+uY5dRR1dubURhHyIekfnYU/D8mKjSv/zZ0f7eZrm9GKyQLKxm1uH
QxfwqOvb0AxvO9GT8JZsqWFCnR/lpc83S6ZkhNhK9fXSYtKNIMktqz4+8OPXG1Nn
6SbbswB5wNLPgxfhDLifNBwvxooboSBeYRrfa2rvG9lekaAp6Vb8FgfeEyWufFBQ
LK/VuyhBzWz027s3p16xw3V9FFPWxwaO1DbHiwMqpGAbAh0Lt8BXrryWDRQ6VgRV
6lpCHuBGsz2x0BrNkrFWK4EOwKiO6LPbf4bampnnE1lv1TDkPJhKvRfldi99bTRN
a223c2GG9hTtYX5BfBYbJxF4pjLNhQ==
=YuH7
-----END PGP SIGNATURE-----

python-git 3.1.46-1 MIGRATED to testing

Sun, 25 Jan 2026 05:04:53 +0000

From: [email protected]" target="_blank">Debian testing watch <[email protected]>
Subject: python-git 3.1.46-1 MIGRATED to testing
To: [email protected]" target="_blank"> <[email protected]>
Date: Sun, 25 Jan 2026 04:39:10 +0000

FYI: The status of the python-git source package
in Debian's testing distribution has changed.

  Previous version: 3.1.45-1
  Current version:  3.1.46-1

-- 
This email is automatically generated once a day.  As the installation of
new packages into testing happens multiple times a day you will receive
later changes on the next day.
See https://release.debian.org/testing-watch/ for more information.

Accepted python-git 3.1.46-1 (source) into unstable

Fri, 23 Jan 2026 01:14:17 +0000

From: [email protected]" target="_blank">Debian FTP Masters <[email protected]>
To: [email protected]" target="_blank"> <[email protected]>
Subject: Accepted python-git 3.1.46-1 (source) into unstable
Date: Fri, 23 Jan 2026 01:14:15 +0000
Signed by: [email protected]" target="_blank">Boyuan Yang <[email protected]>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 22 Jan 2026 15:39:57 -0500
Source: python-git
Architecture: source
Version: 3.1.46-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Python Team <[email protected]>
Changed-By: Boyuan Yang <[email protected]>
Changes:
 python-git (3.1.46-1) unstable; urgency=medium
 .
   * Team upload.
   * New upstream release.
   * debian/control: Bump Standards-Version to 4.7.3.
   * debian/control: Add missing Built-Using field.
Checksums-Sha1:
 bc9c62626262fc1c9a1935ca2f9a97b32bb5b36a 2762 python-git_3.1.46-1.dsc
 7f834ecf54091c4d61950be4a440a7639fb03d7f 549065 python-git_3.1.46.orig.tar.gz
 99b145687120eb34aee40767d8bafd7d24b8e764 7136 python-git_3.1.46-1.debian.tar.xz
 145ca270cebb32fbf9cd79dd64bdc8af273b72f2 8555 python-git_3.1.46-1_amd64.buildinfo
Checksums-Sha256:
 a3ce63b1a4cdcd60d558f052ac7e1464099ca76394bc28dab6c5fc3acc0a6d24 2762 python-git_3.1.46-1.dsc
 51890d1ac8e9a70194696e3746df454ff76dce8c1b75b44d34c8d9660d321e2a 549065 python-git_3.1.46.orig.tar.gz
 65be1432ba567e89ac2d6871d634901b0fefa3b725bce23e5accdb02ef1b9c11 7136 python-git_3.1.46-1.debian.tar.xz
 b7845537acec7fd04b6b3e25041686348994622d99321e17412a21ba883e67b9 8555 python-git_3.1.46-1_amd64.buildinfo
Files:
 e14c83d67564df665dedc42a65ea74e4 2762 python optional python-git_3.1.46-1.dsc
 b0463a3f1e370e4a7697e590ec2dc0f9 549065 python optional python-git_3.1.46.orig.tar.gz
 865ceca03b8f261cd53c2bb685127429 7136 python optional python-git_3.1.46-1.debian.tar.xz
 ef6825c81e0e8127a6c9257b9c43571b 8555 python optional python-git_3.1.46-1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEfncpR22H1vEdkazLwpPntGGCWs4FAmlyjBkACgkQwpPntGGC
Ws6Nyg/6Aorr1EfkkBG7CiJulHDj8j6ptSkLlrT/ort4e16S8bIWv4eKDQo+Zj3r
ArRyLVdF3GCHUWeWtV8lquOTBFoHG8+HpNxhvDiM+zVaa1nFk3C0qox76lsXWzOU
VBQcpsjgp0sKjpcgShQ1hGwiHh7yspN3wvyNBpPVjXAZBcUwUbZGL45K8GR+09/l
RhIZS9/8mHsEoq2hzDloE5tleahwZXEZRyitwh825DBdWlhJ/aUjLhbBA94lW7lD
NpsHSCJF/Xyb/HTJdmqg8NuGq/I020S6axkgwTySBnhMsPcRnnUZY+n4PjxwMfzb
+eHFe+5YcJ5FyUv9Am8LIrd8VyQ4LGny45s9SOmW+T2cLi/oNtajUSgr1jE/r631
Az9NUiWl1bbAZm6UPICIS2Ou+3688vxlKxtZeXqkz5WjqY79wiEsP0YNE4fDqtXV
vB9fmGFRU/HETLgxrlEtAPl9CGu9M0xtPzAiPnVE/jm639zeKAjgik3beJkDFFfP
Al3OO3vjRqyJ3taRbrYta3ZEtBZ9FhfvLsB21SKsGHR5nV1cCFlbEesB0KVJSABR
2m0oXqkh4xjm9/8WtfjfF+hTXUBfyOJcdtabaf76YP8cAgY5XiKvpVc4+X0LE752
Pke7VrA84aDCwIT6wHpmnY5K/YETiYPdDnro0QxT1GyevjsDyiQ=
=h8Dh
-----END PGP SIGNATURE-----

python-git 3.1.45-1 MIGRATED to testing

Sat, 06 Sep 2025 05:08:07 +0000

From: [email protected]" target="_blank">Debian testing watch <[email protected]>
Subject: python-git 3.1.45-1 MIGRATED to testing
To: [email protected]" target="_blank"> <[email protected]>
Date: Sat, 06 Sep 2025 04:39:10 +0000

FYI: The status of the python-git source package
in Debian's testing distribution has changed.

  Previous version: 3.1.44-1
  Current version:  3.1.45-1

-- 
This email is automatically generated once a day.  As the installation of
new packages into testing happens multiple times a day you will receive
later changes on the next day.
See https://release.debian.org/testing-watch/ for more information.

Accepted python-git 3.1.45-1 (source) into unstable

Wed, 03 Sep 2025 00:49:35 +0000

From: [email protected]" target="_blank">Debian FTP Masters <[email protected]>
To: [email protected]" target="_blank"> <[email protected]>
Subject: Accepted python-git 3.1.45-1 (source) into unstable
Date: Wed, 03 Sep 2025 00:49:32 +0000
Signed by: [email protected]" target="_blank">Colin Watson <[email protected]>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 03 Sep 2025 01:25:03 +0100
Source: python-git
Architecture: source
Version: 3.1.45-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Python Team <[email protected]>
Changed-By: Colin Watson <[email protected]>
Changes:
 python-git (3.1.45-1) unstable; urgency=medium
 .
   * Team upload.
 .
   [ Geovanna Maciel ]
   * Update Standards-Version to 4.7.0.
 .
   [ Colin Watson ]
   * New upstream release.
   * Standards-Version: 4.7.2.
Checksums-Sha1:
 2286d171df0f880c4486ee51c6721da296dcaeaa 2880 python-git_3.1.45-1.dsc
 a70d494350cb651f7a0fc0497879ca54b0a3de49 547089 python-git_3.1.45.orig.tar.gz
 bd868f17f84d1a5eb8ebd43283d4b1d4cf12f006 7088 python-git_3.1.45-1.debian.tar.xz
Checksums-Sha256:
 b597afe3b9eec16acd352312babaeb9c7ca8799291c86acac7887e23562232cc 2880 python-git_3.1.45-1.dsc
 67a52b150bf206612fefa478e6e5d5a31a3a379cd346577a386194878b9f8762 547089 python-git_3.1.45.orig.tar.gz
 ee0ea69ba5896065cbc3e4459e5a096c96f9890c4f2d462380a7093c82295362 7088 python-git_3.1.45-1.debian.tar.xz
Files:
 65687164aa2cc7ab061a3d371c1cacea 2880 python optional python-git_3.1.45-1.dsc
 2add0c7a515ba80f35645bbf8ad8362d 547089 python optional python-git_3.1.45.orig.tar.gz
 eb379615e61ef624c69e56b93af7952e 7088 python optional python-git_3.1.45-1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEErApP8SYRtvzPAcEROTWH2X2GUAsFAmi3ixUACgkQOTWH2X2G
UAskDQ//XXUQSvU9E7B9C17KKqsL0Rg9zSvwNk4G944XH9tbWNaWsCPBp7a7rjNa
OtZe1yI+X3+dCMJCt465DhXwXM6IvuuM7as6UE83uNWvW8Mz8pTQUO7j8r+mMpME
eNS2Ha2GQDAeQtAYDu5fuQiP1AaeDHroASd0XYNJB9ZRibGd06OycUwUneEbEyAH
AfJRdXPOLJ6mFQOv9JdBtIQnVgZn+LW/o2XNWy98PdRBfNPscEEJw1XWvSoFEdXa
HI0R3/ZEW4nYCncsPldUv0MjtaNf3pfGub06Sb83gu7JJ8tyLnqR8yrbvLmIUrCi
P45n9o99Z32sEPgafpawRVCgV6DwCB9OZRg1Be19XwcM17ErcGC3DFmyIYcmX0px
sozQM5hvthWNEnlBqmanCeb1n0GLHK8TDqd9sN6U53r4VvLJepyoVIL9tPbYci6A
CH3w9gJtt8P7D57lJDm87gnCkin5htMJLtU5CU6UKJ81EvhYs97pTULnIdP2NQDW
z+aXoKxpWF1qgyNsx1ZWi2gEvYmvyDu7AI8Lzg+KbmwM71rZcNSANLDGvwJAtvSt
6t7Q6Jwifqyqk0ZaTz1ZEvn+apaHRDrG/KgMnGJ7aFMmKnfWL7fQqN5Zgndq/X6B
8QBFslom2Jc0YHpRUYU7SUkgPS68dX/5FWF38kNJJm2u5dIcMmA=
=SCvh
-----END PGP SIGNATURE-----

python-git 3.1.44-1 MIGRATED to testing

Fri, 14 Mar 2025 04:39:35 +0000

From: [email protected]" target="_blank">Debian testing watch <[email protected]>
Subject: python-git 3.1.44-1 MIGRATED to testing
To: [email protected]" target="_blank"> <[email protected]>
Date: Fri, 14 Mar 2025 04:39:18 +0000

FYI: The status of the python-git source package
in Debian's testing distribution has changed.

  Previous version: 3.1.37-3
  Current version:  3.1.44-1

-- 
This email is automatically generated once a day.  As the installation of
new packages into testing happens multiple times a day you will receive
later changes on the next day.
See https://release.debian.org/testing-watch/ for more information.

Accepted python-git 3.1.44-1 (source) into unstable

Mon, 10 Mar 2025 17:34:54 +0000

From: [email protected]" target="_blank">Debian FTP Masters <[email protected]>
To: [email protected]" target="_blank"> <[email protected]>
Subject: Accepted python-git 3.1.44-1 (source) into unstable
Date: Mon, 10 Mar 2025 17:34:50 +0000
Signed by: [email protected]" target="_blank">Hans-Christoph Steiner <[email protected]>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 05 Mar 2025 19:51:18 +0100
Source: python-git
Architecture: source
Version: 3.1.44-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Python Team <[email protected]>
Changed-By: Hans-Christoph Steiner <[email protected]>
Changes:
 python-git (3.1.44-1) unstable; urgency=medium
 .
   * New upstream version 3.1.44
Checksums-Sha1:
 7fd2e168b85783815d7102a9a2966e962fb4fdba 2418 python-git_3.1.44-1.dsc
 c479aa5a189b6ce7680edfa8f7a3d7d56c780829 544550 python-git_3.1.44.orig.tar.gz
 8024acf6d4735c103551fecaeaa2375ab8b34804 7032 python-git_3.1.44-1.debian.tar.xz
 f49a6c97e19a3dd7b1c789df72590205fe34bef4 9025 python-git_3.1.44-1_source.buildinfo
Checksums-Sha256:
 a2e6cf9b0c0b109537f835c0a5b3f3944aeab7fe507959db28f36fce440532d9 2418 python-git_3.1.44-1.dsc
 30101221a869968d4fe2a010ee9ca1134c22272089d9e9fee2040a68541443c6 544550 python-git_3.1.44.orig.tar.gz
 9c4a28c953c7b8b73131174552b53ee1aee58ec9f218a9dd2c1a920151ebd872 7032 python-git_3.1.44-1.debian.tar.xz
 1f7e64d51ca0f163181e966c8cfb983699735a8aeac4d68eceb9f9b6363851f0 9025 python-git_3.1.44-1_source.buildinfo
Files:
 479b1bced897406dbe45dced4efbb10e 2418 python optional python-git_3.1.44-1.dsc
 7e79b2d3a6e64ea5ef5a122c79723b39 544550 python optional python-git_3.1.44.orig.tar.gz
 3f773e5d1c21c9745d4e339247006348 7032 python optional python-git_3.1.44-1.debian.tar.xz
 d536a23ed863e9291ab2979d392d9d4e 9025 python optional python-git_3.1.44-1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCgAdFiEElyI52+aGmfUmwGoFPhd4F7obm/oFAmfPIDIACgkQPhd4F7ob
m/onxggAiqJTqQ34MEPF4rXbE5E2/eKZlj104dOisWPjlKfb5F31gD5qifZic/Pk
YVETQwYOiN4U/tgb0XjQYIxvBCquKfWHgTmv821iUTOXGAAjBjyguxcOAFtx9HgM
x7G1PtpswTxMmLXJlDU5gPh/VVt2zy/EBYIt/1no0n33asjQ2N50Y/LCA1zxgDBu
emgun4CLNw9fniIFQndXi5rDALgsMYMK/ikoTc6yDEod55ikS8xpQn3AtvvubmVI
kk1HesKRrTxzHUAavTAdtkLM9UF0cdZZUvLzpA55pfj4+x4Sf/pb4vsF9Kj+1q6J
zI7/g/SJA5pzodpnLvbyjcuH7SN6Ug==
=6QIj
-----END PGP SIGNATURE-----

Accepted python-git 3.1.14-1+deb11u1 (source) into oldstable-security

Tue, 29 Oct 2024 13:26:38 +0000

From: [email protected]" target="_blank">Debian FTP Masters <[email protected]>
To: [email protected]" target="_blank"> <[email protected]> , [email protected]" target="_blank"> <[email protected]>
Subject: Accepted python-git 3.1.14-1+deb11u1 (source) into oldstable-security
Date: Tue, 29 Oct 2024 13:20:18 +0000
Signed by: [email protected]" target="_blank">Daniel Leidert <[email protected]>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 29 Oct 2024 13:45:33 +0100
Source: python-git
Architecture: source
Version: 3.1.14-1+deb11u1
Distribution: bullseye-security
Urgency: medium
Maintainer: Debian Python Team <[email protected]>
Changed-By: Daniel Leidert <[email protected]>
Closes: 1027163 1043503
Changes:
 python-git (3.1.14-1+deb11u1) bullseye-security; urgency=medium
 .
   * Non-maintainer upload by the Debian LTS Team.
 .
   [ Sylvain Beucler ]
   * CVE-2022-24439: Remote Code Execution (RCE) due to improper user input
     validation, which makes it possible to inject a maliciously crafted
     remote URL into the clone command. Exploiting this vulnerability is
     possible because the library makes external calls to git without
     sufficient sanitization of input arguments. (Closes: #1027163)
   * CVE-2023-40267: Follow-up fix for CVE-2022-24439. (Closes: 1043503)
 .
   [ Daniel Leidert ]
   * CVE-2023-41040: Blind local file inclusion.
   * Adjust patches for CVE-2022-24439 and CVE-2023-40267.
Checksums-Sha1:
 14a13129df454776e73185522159e74ca2821453 2457 python-git_3.1.14-1+deb11u1.dsc
 c1ada3a86243ad5f2871394a0d6d54a7f8f069bc 171534 python-git_3.1.14.orig.tar.gz
 977d2fd2f55e2a04ce431da8606e7b4da3ce69a9 13672 python-git_3.1.14-1+deb11u1.debian.tar.xz
 6e40bf8e1aeff10f155fcdc8ee8a875bea83900c 9022 python-git_3.1.14-1+deb11u1_amd64.buildinfo
Checksums-Sha256:
 65f8f5e966b258fdcdd570e21be3c6ada3aed0de48353ff7adb4ba3feec738a3 2457 python-git_3.1.14-1+deb11u1.dsc
 be27633e7509e58391f10207cd32b2a6cf5b908f92d9cd30da2e514e1137af61 171534 python-git_3.1.14.orig.tar.gz
 99fb0a79993f2d2eebd7aa63f0dd09b37c483e52ca82a6c7518ddaa8427ee54d 13672 python-git_3.1.14-1+deb11u1.debian.tar.xz
 fdf5456c8601c6635872e6d590e92abc094932fea9ab245f47dc22ed7314a860 9022 python-git_3.1.14-1+deb11u1_amd64.buildinfo
Files:
 e2436dc8d5d57e8d529e4c482e2503de 2457 python optional python-git_3.1.14-1+deb11u1.dsc
 8d4a922cb32ce13b5c91fee1e4ecd84c 171534 python optional python-git_3.1.14.orig.tar.gz
 36b83ad09cb6f4871e5d9b244f160bda 13672 python optional python-git_3.1.14-1+deb11u1.debian.tar.xz
 5eaa4b9de5ab1774902e684643cf4283 9022 python optional python-git_3.1.14-1+deb11u1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEvu1N7VVEpMA+KD3HS80FZ8KW0F0FAmcg3WcACgkQS80FZ8KW
0F183w/+KBpFo2xS6BHOI77NEblnfaKsk2QZBs/8h5gDkh23arHeDMP1+hVRLMRS
DfGSVM9Xz4/MJ6sET5w0/W1fIJgCwTXqYN5QcRTyzGaSOCQlagNUOI2R5y8pu637
Gqpbmh0dm2ohPxDFdmcHMR27befZNE7nUXrhP13MBxRfP1e8A9CibBOkXGLK024B
K1YVMualnd7+kK1n0wJgR8D/2I/jui8KAPxfO0I0PFS4AkpYOwElm5zq88owDHxl
IzvdlK4l09FUp4SoY5rlgqebd8nRA5q7HPk2Ay4gJ57DvI3PrO1m8C3VGJGVe/m8
W+Oi9y6UHm56loUiUITu6MoT05PC0M3aWoj4S3Ox5a2l2ez8Seyp/tdQ84B9+Vzm
Lh/o6ktkj0tQDvwl29ydohhXskdXvDMzns1Gwpr2EFYsV62tyBsqZ5lLsgyg2ssG
o47lTpch6Vx2T0TYECUPYjq4LKpMrt3j/wa4IzQm0J/i2FtKnu6HGO+T6a9UOlVJ
9xbXOJEjl90yk9olTeOG4DxFgfP+nqeRZR9iOfF8IxYD1ADl8isnLrm2CR+ARu5n
7ThoorF169tYLo8mUMRrB57itdjvWiC0KzRQR1ytyWuln6WnMztZ3MknODtWPOZf
YEuczetrCbkb7B462TbC9eMZWtLQWQkTVNFEWQcsn42nYhNVESI=
=I+yT
-----END PGP SIGNATURE-----

python-git 3.1.37-3 MIGRATED to testing

Thu, 18 Jan 2024 04:39:22 +0000

From: [email protected]" target="_blank">Debian testing watch <[email protected]>
Subject: python-git 3.1.37-3 MIGRATED to testing
To: [email protected]" target="_blank"> <[email protected]>
Date: Thu, 18 Jan 2024 04:39:09 +0000

FYI: The status of the python-git source package
in Debian's testing distribution has changed.

  Previous version: 3.1.37-1
  Current version:  3.1.37-3

-- 
This email is automatically generated once a day.  As the installation of
new packages into testing happens multiple times a day you will receive
later changes on the next day.
See https://release.debian.org/testing-watch/ for more information.

Accepted python-git 3.1.37-3 (source) into unstable

Fri, 12 Jan 2024 15:34:50 +0000

From: [email protected]" target="_blank">Debian FTP Masters <[email protected]>
To: [email protected]" target="_blank"> <[email protected]>
Subject: Accepted python-git 3.1.37-3 (source) into unstable
Date: Fri, 12 Jan 2024 15:34:45 +0000
Signed by: [email protected]" target="_blank">Jérémy Lal <[email protected]>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 12 Jan 2024 16:11:11 +0100
Source: python-git
Architecture: source
Version: 3.1.37-3
Distribution: unstable
Urgency: medium
Maintainer: Debian Python Team <[email protected]>
Changed-By: Jérémy Lal <[email protected]>
Changes:
 python-git (3.1.37-3) unstable; urgency=medium
 .
   * Team upload.
   * Source-only upload.
Checksums-Sha1:
 a969abf020d2203ab9d7741ee4303788b21ecc7a 2767 python-git_3.1.37-3.dsc
 d76402808d483e308efd6bb060965b5e9b208f6e 7004 python-git_3.1.37-3.debian.tar.xz
 520b5a7bf3110aed49fb1dee5edddec73ba13052 9302 python-git_3.1.37-3_source.buildinfo
Checksums-Sha256:
 9eee3e93bee05f5aa284eaabee6df1e830212514fa31212d4814b3dd25d9322e 2767 python-git_3.1.37-3.dsc
 ac41c72f296e95436b23def782eaf5b3b4e38877cc8ff6a885007aea867cae32 7004 python-git_3.1.37-3.debian.tar.xz
 1f403621b556a478bdaf692a20cee1a915290cc7853a41790a99f8774d66fe0f 9302 python-git_3.1.37-3_source.buildinfo
Files:
 9ba49106eca760d4bb1dc68854ab7732 2767 python optional python-git_3.1.37-3.dsc
 46c5ed0c71e2228b5702c09ab40cbfc1 7004 python optional python-git_3.1.37-3.debian.tar.xz
 1054145fbfacceb4696081756ee06eca 9302 python optional python-git_3.1.37-3_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJGBAEBCAAwFiEEA8Tnq7iA9SQwbkgVZhHAXt0583QFAmWhVqMSHGthcG91ZXJA
bWVsaXgub3JnAAoJEGYRwF7dOfN0k0AP/3+fQb/tPTufLT16XkpeQazAXFeXBN1K
+cS8yrTZzJ9IHW1AgToQGoIxaXBmHaVwcGrzZoN9pLGE0UEkI/tRm78NUQiHOCew
DnLnqrAaMVDKvkWPS/uzZtLEbGi6SfWggQR0y4G0rLHIK3xlZNlG9bth4Ij2acbW
4s78Eq9D1fSN4BkESytGXwyrjECymahS6WOV3/piqSoA0MAxwE0cwdPCth6Eohw/
LVd8f3bywZfbq7/9Q4W8Tnpx7ShXOwhaURc7RqJoBMXsJhCL80rBl49ngQLq6rQX
kBdGXKJFDJrc8/xhR8x9XRe+sFZswoxoftKWL3k3o3joU7xdeMssDuvUerDVElZw
eu9HbphPyx7gc/1QEWXXZ9SVzbfSMY8fY81FztCYj/IxuzXtmuRE2k73giEa81r5
WMu1eHhrNqaQcHqytex+Gme+4Q64FyWoJrO3wxLPcXx0Pf8L+Xr40xlLpe/IcCiC
DSrlMQQ4OTgR+saElNClfCW+LOhT6asfsE7Xg8Zqes9bJKIK6fQNk1eYGArxk/Ds
qJv0f/MCCwqV3qSmNqQzlpO+IjLppOec6CGTnn7fExZT/YoWazI8NTPcwbmRVfHp
GSVScKeZleU6PwrdzRLe7Niuwx2dmFZ+WHXlbpxZV3iaaADv5gITv7zVgNoBVk/N
dgejEUl/+uZX
=NwhH
-----END PGP SIGNATURE-----

Accepted python-git 3.1.37-2 (source all) into unstable

Sat, 06 Jan 2024 19:09:38 +0000

From: [email protected]" target="_blank">Debian FTP Masters <[email protected]>
To: [email protected]" target="_blank"> <[email protected]>
Subject: Accepted python-git 3.1.37-2 (source all) into unstable
Date: Sat, 06 Jan 2024 19:09:32 +0000
Signed by: [email protected]" target="_blank">Jérémy Lal <[email protected]>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 06 Jan 2024 19:33:40 +0100
Source: python-git
Binary: python-git-doc python3-git
Architecture: source all
Version: 3.1.37-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Python Team <[email protected]>
Changed-By: Jérémy Lal <[email protected]>
Description:
 python-git-doc - Python library to interact with Git repositories - docs
 python3-git - Python library to interact with Git repositories
Changes:
 python-git (3.1.37-2) unstable; urgency=medium
 .
   * Team upload.
   * Add pydist for GitPython alias
Checksums-Sha1:
 7fa8fe3a8a8461aab10d7728d646b3ffb5f3124f 2767 python-git_3.1.37-2.dsc
 b2ebc0a6631a39d6b801f1b83393668015d6f706 6972 python-git_3.1.37-2.debian.tar.xz
 7e4435f5aee21719651358cdd309a884f2cd7c85 166780 python-git-doc_3.1.37-2_all.deb
 17e7a8340a5dac92b1eafc3094117be2ed1293e9 9054 python-git_3.1.37-2_amd64.buildinfo
 e791e2aaba74dfaa9ecd7335fa0a45b74be24cca 136728 python3-git_3.1.37-2_all.deb
Checksums-Sha256:
 0857f79f49b56fe3dfb39abd378f8fe1d50a171f0a97957c1901d769e300cee9 2767 python-git_3.1.37-2.dsc
 1373f61ef4e042a95c6190e8ad586c5991f7f8b37bb77955a08ea48665baac69 6972 python-git_3.1.37-2.debian.tar.xz
 c2fae0a8e13703d89cdb69679b7ecfc94bfbbe041559d0805441939ef14ad855 166780 python-git-doc_3.1.37-2_all.deb
 9af024557d3f8a5f187798971454807e68e314e6e78ad1528480ba8d5fc3f7b3 9054 python-git_3.1.37-2_amd64.buildinfo
 95f2a527cafebf0de7ed5915089bec8c2e58a956d251dec20bfece1fa683875f 136728 python3-git_3.1.37-2_all.deb
Files:
 cba3b7caea8b9aba797356c8ba1919ac 2767 python optional python-git_3.1.37-2.dsc
 21007784d31510c4eec33ed3ba6486cd 6972 python optional python-git_3.1.37-2.debian.tar.xz
 c84845037e887c380438f34eb7f80b73 166780 doc optional python-git-doc_3.1.37-2_all.deb
 17d7962e5b616865e61b32612f88e896 9054 python optional python-git_3.1.37-2_amd64.buildinfo
 cf20ae0be8ebeb5578585fa058abc174 136728 python optional python3-git_3.1.37-2_all.deb

-----BEGIN PGP SIGNATURE-----

iQJGBAEBCAAwFiEEA8Tnq7iA9SQwbkgVZhHAXt0583QFAmWZnisSHGthcG91ZXJA
bWVsaXgub3JnAAoJEGYRwF7dOfN01k4P/16GxsWcZJ4IF1guNGjTuZI6/vG7eTi0
xKh3e1teYVxEoDLVRCSjD5QPIxmhVIK57ReEOVSDMcvjXRbTEQb/hAsLdIkWarJD
nXMOBHBaqh18pSP5iAdCD6AdQDzn6ketEYGCp8e82Uw/QYGkXTu5+I+p8OJO0UQp
YGnCLRAIFGFiuP6m7K3Bqfxo4YILIHyn9jv8X8FIM1JqjZCUran2tvPdQXZHqaFR
WHyqPD3jzyKqbCJh+Fu0QNeEC7GE6hXEVs3B6hXIXx5LK1ATH6REGPt11Vefg5Uz
AjPzQVaBnrw6QCos1LuTLQIfV99y0cm2Rsq2hSHr2amXzlcqrwHrpoXh57Ug77/S
YjfqvqVP5gxG/+XC64biSROQdx7jAWPRw/cugNvF76mt9A1lHN3NVjDdZjeK0CYz
n9jtO9xdqxDEU2nD5gohzk5WLFRPsqVSupBp2ZXx5aPgAz3fg2Tqdkbchzkwz7Fh
2ThVcs+CjS4IrD6q45Qk2IxvZICACAIF1MH2QpDHQbVwH+JAq4EAMO3tMW7ymOWY
WBpR4vkL3Gm5ru08+vEem69Ua8xIOCkzhU1hO3+vb83hOzwjXOGOe/fHkDp5rCxt
nNzIqj4clNsirEj6ebbvuvkWIBI1qOnaI95ER9XqxAJtr6FNOqViE53u+z8PIUC1
xY1MPYPxl3e3
=0/dC
-----END PGP SIGNATURE-----

Accepted python-git 3.1.30-1+deb12u2 (source) into proposed-updates

Sun, 01 Oct 2023 16:47:20 +0000

From: [email protected]" target="_blank">Debian FTP Masters <[email protected]>
To: [email protected]" target="_blank"> <[email protected]>
Subject: Accepted python-git 3.1.30-1+deb12u2 (source) into proposed-updates
Date: Sun, 01 Oct 2023 16:47:14 +0000
Signed by: [email protected]" target="_blank">Hans-Christoph Steiner <[email protected]>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 29 Sep 2023 20:43:31 +0200
Source: python-git
Architecture: source
Version: 3.1.30-1+deb12u2
Distribution: stable
Urgency: high
Maintainer: Debian Python Team <[email protected]>
Changed-By: Hans-Christoph Steiner <[email protected]>
Changes:
 python-git (3.1.30-1+deb12u2) stable; urgency=high
 .
   * Team upload.
   * Fix CVE-2023-41040: Blind local file inclusion.
Checksums-Sha1:
 5c88d3b4b65a4631b0cbe79df667ad7416b3f04b 2429 python-git_3.1.30-1+deb12u2.dsc
 a9bc58bd808a5e4e32f6d1a0b7eeabd156a19215 8780 python-git_3.1.30-1+deb12u2.debian.tar.xz
 39e24e7185f3fe51b3bd1f5873dc7bf9a9f48e20 8710 python-git_3.1.30-1+deb12u2_source.buildinfo
Checksums-Sha256:
 329ab33483d99ce17c477e9674080236e7ef9a839d63abdcc3c74f69577ce35d 2429 python-git_3.1.30-1+deb12u2.dsc
 d3981a5b1ec77da6666642105858711cf8cbdaed8b48601397246f6342b8a1d7 8780 python-git_3.1.30-1+deb12u2.debian.tar.xz
 6317ec59ef539412f868461cd3acc713499f90df600ba3eaf835eb444724f674 8710 python-git_3.1.30-1+deb12u2_source.buildinfo
Files:
 be105b94555de8de90505b7d080e351c 2429 python optional python-git_3.1.30-1+deb12u2.dsc
 29366472c2a30f972bde60b12d5e11fa 8780 python optional python-git_3.1.30-1+deb12u2.debian.tar.xz
 e137957c9d19879f53492b6b3abe2d86 8710 python optional python-git_3.1.30-1+deb12u2_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEElyI52+aGmfUmwGoFPhd4F7obm/oFAmUXJa8ACgkQPhd4F7ob
m/r2YggAkJ/qZylDbAual540Bz/oYywGUQLmQrP7ymmFSs6qmAyiItdD5IxZ11td
0HXBdyV3OkHWym4TE15rLTsyAewvf6zQZyWoZyodNWlfiuucQw3TVV33ul/3MBN1
saMPaVi4SLvNpXCv9Z3los3WzOpEiQYZmSrnUsq1A325aPt75hy6FnDcC0DF5qFe
2B4osqp7Nr8zkedxUUvqmIQZM16LxdGuakK8InFTWQF+XiHBdFp4ZQUTsMHL5xMk
32v2KTeHIjjnBULB5lOcIIO4D8KMAhPilsNZnUSn57oaQ0q/YQepnEE68YKdfMo4
eVovuiEz4CnpZ+2GnsIS00p//VcDRg==
=Ctlt
-----END PGP SIGNATURE-----

python-git 3.1.37-1 MIGRATED to testing

Sun, 01 Oct 2023 04:39:20 +0000

From: [email protected]" target="_blank">Debian testing watch <[email protected]>
Subject: python-git 3.1.37-1 MIGRATED to testing
To: [email protected]" target="_blank"> <[email protected]>
Date: Sun, 01 Oct 2023 04:39:15 +0000

FYI: The status of the python-git source package
in Debian's testing distribution has changed.

  Previous version: 3.1.36-1
  Current version:  3.1.37-1

-- 
This email is automatically generated once a day.  As the installation of
new packages into testing happens multiple times a day you will receive
later changes on the next day.
See https://release.debian.org/testing-watch/ for more information.

Accepted python-git 2.1.11-1+deb10u2 (source) into oldoldstable

Fri, 29 Sep 2023 14:57:51 +0000

From: [email protected]" target="_blank">Debian FTP Masters <[email protected]>
To: [email protected]" target="_blank"> <[email protected]> , [email protected]" target="_blank"> <[email protected]>
Subject: Accepted python-git 2.1.11-1+deb10u2 (source) into oldoldstable
Date: Fri, 29 Sep 2023 14:30:20 +0000
Signed by: [email protected]" target="_blank">Guilhem Moulin <[email protected]>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 29 Sep 2023 15:53:15 +0200
Source: python-git
Architecture: source
Version: 2.1.11-1+deb10u2
Distribution: buster-security
Urgency: high
Maintainer: Debian Python Modules Team <[email protected]>
Changed-By: Guilhem Moulin <[email protected]>
Changes:
 python-git (2.1.11-1+deb10u2) buster-security; urgency=high
 .
   * Non-maintainer upload by the LTS Security Team.
   * Fix CVE-2023-41040: Blind local file inclusion.
Checksums-Sha1:
 9fa243fa95625e4fe6027e5228433390751f8189 2459 python-git_2.1.11-1+deb10u2.dsc
 c6b8d2ee23194a01fd15812a82619638249481ef 15152 python-git_2.1.11-1+deb10u2.debian.tar.xz
 4afe6e01dee79d62495c14f82dfa8a93b3b811c0 9398 python-git_2.1.11-1+deb10u2_amd64.buildinfo
Checksums-Sha256:
 5f122d7449894800e8a9f409ee31f0cddf5b6c7a8294b27de9e4e80692a4ba5c 2459 python-git_2.1.11-1+deb10u2.dsc
 af89ed835e5112b45bd165f84368c2c41899f548fa1d0e1b0cd2f111d72ed454 15152 python-git_2.1.11-1+deb10u2.debian.tar.xz
 3d56ed4c8b39ef75157a56a69f3c4c0542371c8b7b702797c7a94b744313999d 9398 python-git_2.1.11-1+deb10u2_amd64.buildinfo
Files:
 74385e7f0f6697e8d66754fa85372844 2459 python optional python-git_2.1.11-1+deb10u2.dsc
 55e6644aa1d3c100881dee0aae7f035f 15152 python optional python-git_2.1.11-1+deb10u2.debian.tar.xz
 f161fc29176f779da5262c647e2d765f 9398 python optional python-git_2.1.11-1+deb10u2_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEERpy6p3b9sfzUdbME05pJnDwhpVIFAmUW2JEACgkQ05pJnDwh
pVIQHQ/6AiuEbltyTRWCEnaigjcIOtnERdklUxZ833u+yWJh4WfxrVT3u1OlQJzZ
/o7Gn9F4a5cfXiQ7dlV8ruRaU+ED7bCc+hD85oIdpF1KTZq26KUoSdf89GZMLkzT
gsvZs/BfzQ1kTaiiFI7EjHVHThYaHgVkF1HWIT3v/1pEwq7Y8T5D7/iFHArNAmZV
vPSYiNnLdCANveZnEcr2jFr/tdsgz1SvNWDDccI0eeZHc7StXDlnT15sm04klWEH
CSTYbJt2T7TuSdyBD0EROmhSr08/kqOfgyRWbgUKZUtxmu/7VxV07BtqzisNcQxc
yphTim94NsH9CBXix2XY1Pjl/Rk/W+jrnHcFVLnb6AhHlMb9IBozWegwFmqrFGzw
l3zIxEsSrAjcQ1OSFPCOjbEkqAEGDtfo6ooc4xFC38o9dtjSmkE30UNnzXKFk5Zg
/rybcs2npoUiXYZdNZRKzNlVAXzBi/J5Y4z3TBH2mgxxjFpJxf0vfa67b2gr1KGx
J8WsB8nouU9f33hXIai8gTgrOtj2Krnzsd85NwL/YnHqM9nypp3i27XetssITrz4
9kOsOTSfKfKuQlR0NwYk0eLPnfjMdAqz7pw1Knv1AFQtRaxvDVEtQ+HBZ6sK9KA0
4ZpgNUa+4QuQi8pw1plfHnRRehV0z5wn0v0B5OIWLQ/adHdakrw=
=B93A
-----END PGP SIGNATURE-----

Accepted python-git 3.1.37-1 (source) into unstable

Fri, 29 Sep 2023 11:05:01 +0000

From: [email protected]" target="_blank">Debian FTP Masters <[email protected]>
To: [email protected]" target="_blank"> <[email protected]>
Subject: Accepted python-git 3.1.37-1 (source) into unstable
Date: Fri, 29 Sep 2023 11:04:56 +0000
Signed by: [email protected]" target="_blank">Hans-Christoph Steiner <[email protected]>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 29 Sep 2023 12:35:58 +0200
Source: python-git
Architecture: source
Version: 3.1.37-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Python Team <[email protected]>
Changed-By: Hans-Christoph Steiner <[email protected]>
Changes:
 python-git (3.1.37-1) unstable; urgency=medium
 .
   * Team upload.
   * New upstream version 3.1.37
Checksums-Sha1:
 f7d5e7e2c74c115b6c157a1dceaa038df7741e7e 2397 python-git_3.1.37-1.dsc
 7af4573e60948cf0675e84b239ec16e1fc43d736 487793 python-git_3.1.37.orig.tar.gz
 9d1be6a33eee6def8564df257d0a991f8ca6a23b 6904 python-git_3.1.37-1.debian.tar.xz
 ffeea32cfea3678b7feb30e6f1cdb927aa3a516f 8678 python-git_3.1.37-1_source.buildinfo
Checksums-Sha256:
 6d4667e25cb7c7acc4a16ca7d778583cc9e79bc2a08c5b92d29c7a84055bb2c2 2397 python-git_3.1.37-1.dsc
 b1954641409e31242733c96fb739cc2680c4cb2c1606c07746e987e0e92bdbbc 487793 python-git_3.1.37.orig.tar.gz
 f2b3cdf7ab7b1aeedd24fbea42fda28ea0480b083156b63e4bdce6ea99d05955 6904 python-git_3.1.37-1.debian.tar.xz
 e506a6665b31db1590be5b77c02384c572440d0535586478f4681c4ec5e31c6a 8678 python-git_3.1.37-1_source.buildinfo
Files:
 0bdb45d6d0d8c3152134613c3cdb5a79 2397 python optional python-git_3.1.37-1.dsc
 eae05ec2e472398341006dcf2423ce30 487793 python optional python-git_3.1.37.orig.tar.gz
 b1e2a818837095f48fd5addba1943e4e 6904 python optional python-git_3.1.37-1.debian.tar.xz
 03afca03443fa99193824d3d6a006452 8678 python optional python-git_3.1.37-1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEElyI52+aGmfUmwGoFPhd4F7obm/oFAmUWqa4ACgkQPhd4F7ob
m/qTfggAlBnZjf0HsX0jJ8rCu4AvtJ1B6meSSapmsjNt6zh03KeTh4biDW8o/2ta
9yb03Bmc5crWDKYha8BgwRghO9eBmx6LGGWX8dnbPZ0dandQDKlES7UydSaUUpAS
C4BG/pazj/NCorUe7XH7lqzDW8AHzU0z1Xo7LbHw2juDs6lI5VtXMBIDWMk2P14+
vbwKxDnQeKZdXvCpCXxyWzTPwq8sbeM+okdxKKKmZI+3oxW/9dhgQ7h7fIh7OaAd
aZvVk1i52FD8VwvLZfSD2aB8brkUGOLbOA83KW9zlRflXlQRZoTMVjXPkkhQQ8T+
7B9OjKSWvBTeeLeZXW4M4f3Bk/gBpg==
=O0e9
-----END PGP SIGNATURE-----

python-git 3.1.36-1 MIGRATED to testing

Thu, 21 Sep 2023 05:03:30 +0000

From: [email protected]" target="_blank">Debian testing watch <[email protected]>
Subject: python-git 3.1.36-1 MIGRATED to testing
To: [email protected]" target="_blank"> <[email protected]>
Date: Thu, 21 Sep 2023 04:39:11 +0000

FYI: The status of the python-git source package
in Debian's testing distribution has changed.

  Previous version: 3.1.30-1
  Current version:  3.1.36-1

-- 
This email is automatically generated once a day.  As the installation of
new packages into testing happens multiple times a day you will receive
later changes on the next day.
See https://release.debian.org/testing-watch/ for more information.

Accepted python-git 3.1.36-1 (source) into unstable

Mon, 18 Sep 2023 20:39:56 +0000

From: [email protected]" target="_blank">Debian FTP Masters <[email protected]>
To: [email protected]" target="_blank"> <[email protected]>
Subject: Accepted python-git 3.1.36-1 (source) into unstable
Date: Mon, 18 Sep 2023 20:39:50 +0000
Signed by: [email protected]" target="_blank">Hans-Christoph Steiner <[email protected]>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 18 Sep 2023 22:09:04 +0200
Source: python-git
Architecture: source
Version: 3.1.36-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Python Team <[email protected]>
Changed-By: Hans-Christoph Steiner <[email protected]>
Changes:
 python-git (3.1.36-1) unstable; urgency=medium
 .
   * Team upload.
   * New upstream version 3.1.36
Checksums-Sha1:
 160c3306a75acdd0fa514114abd18a77f864f096 2397 python-git_3.1.36-1.dsc
 ed816f20cf47cf25778bb45c543288df58e15326 486095 python-git_3.1.36.orig.tar.gz
 2af815d362edd01f1a01c862d5cf0fa5636aaaee 6908 python-git_3.1.36-1.debian.tar.xz
 74ec8194c0076df30d91675728a6240b05097437 8678 python-git_3.1.36-1_source.buildinfo
Checksums-Sha256:
 3ed1350f5c6923148de5f1a6706f6132c55b5b1d49105a28f42286677076d3d7 2397 python-git_3.1.36-1.dsc
 17655e095db95f6d25affada911b706483075532719ad6df7bbc879e2b8c1838 486095 python-git_3.1.36.orig.tar.gz
 7356abc0d18d823826e7bdab53fcd936baa71d4d0983118edd96ca1331b3db1c 6908 python-git_3.1.36-1.debian.tar.xz
 d20f33a39afb3746e79461083a3229019cefee992148b1ad94e354071987f58f 8678 python-git_3.1.36-1_source.buildinfo
Files:
 2ff6c912c00fa4b2e84cb9b2b4538301 2397 python optional python-git_3.1.36-1.dsc
 a8be797f09ac62557c8835fd537eec3b 486095 python optional python-git_3.1.36.orig.tar.gz
 8d055bc9906e2c35ea98eeee82dad279 6908 python optional python-git_3.1.36-1.debian.tar.xz
 f2022f547c1f750efa290bc749bcb4d7 8678 python optional python-git_3.1.36-1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEElyI52+aGmfUmwGoFPhd4F7obm/oFAmUIrtwACgkQPhd4F7ob
m/r/Wwf+PcUuu12rqQsE2u6XzDdj1UstwxnaUc1CLcQsBS5H7OI3aBe63G6p8E/L
r3AE+Tn2Zpowim9DatGU+Cbfc9yHWtdHlp6oiqqII7RMVMFQf+dObnVGNiOC8aPu
TMXXMXwrV8AvLg3KTeWj027VPwkbtDDABWujrYyotuwfx8F/CruksvviHWsvG2Z3
MDj1zPY8yE4XwRCnl6H5IPGWa+h3Fv88kEf4c4HM3+tT4cn4uZ/klBt7t34eIjgB
2YT+0L4NLLrmSYCOUv7K/Bk1Y0X1mUpxh7sj3DXxWxf0GgpKCrKGaZNJ+0lUAHqv
AhSd8jtDJ+SMXLMyPQOTa5CDPLs6kg==
=7Ffu
-----END PGP SIGNATURE-----

Accepted python-git 2.1.11-1+deb10u1 (source) into oldoldstable

Mon, 24 Jul 2023 22:01:34 +0000

From: [email protected]" target="_blank">Debian FTP Masters <[email protected]>
To: [email protected]" target="_blank"> <[email protected]> , [email protected]" target="_blank"> <[email protected]>
Subject: Accepted python-git 2.1.11-1+deb10u1 (source) into oldoldstable
Date: Mon, 24 Jul 2023 21:35:00 +0000
Signed by: [email protected]" target="_blank">Sylvain Beucler <[email protected]>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 24 Jul 2023 11:08:59 +0200
Source: python-git
Architecture: source
Version: 2.1.11-1+deb10u1
Distribution: buster-security
Urgency: high
Maintainer: Debian Python Modules Team <[email protected]>
Changed-By: Sylvain Beucler <[email protected]>
Closes: 1027163
Changes:
 python-git (2.1.11-1+deb10u1) buster-security; urgency=high
 .
   * Non-maintainer upload by the LTS Security Team.
   * CVE-2022-24439: Remote Code Execution (RCE) due to improper user input
     validation, which makes it possible to inject a maliciously crafted
     remote URL into the clone command. Exploiting this vulnerability is
     possible because the library makes external calls to git without
     sufficient sanitization of input arguments. (Closes: #1027163)
   * [CVE pending] Follow-up fix for CVE-2022-24439.
Checksums-Sha1:
 53147cda152605cfd17217f09fc5058c89973dca 2459 python-git_2.1.11-1+deb10u1.dsc
 ce688b7680625d1417feafd94b79312c2750020c 428531 python-git_2.1.11.orig.tar.gz
 c38a90021ff59355d518fee1f6e9ef2b1db69573 14112 python-git_2.1.11-1+deb10u1.debian.tar.xz
 c7d92395e23468805263689fa44ce4023e7642eb 9088 python-git_2.1.11-1+deb10u1_all.buildinfo
Checksums-Sha256:
 23cf0eed3bd11b2292d1d00e45e7359e3eda86f14d7fc95ac52cdbc41295664e 2459 python-git_2.1.11-1+deb10u1.dsc
 8237dc5bfd6f1366abeee5624111b9d6879393d84745a507de0fda86043b65a8 428531 python-git_2.1.11.orig.tar.gz
 5d98fbe12402c921aa54b6f3e3c493caaddb19de599bc40ff9a9ac2ba52b54e7 14112 python-git_2.1.11-1+deb10u1.debian.tar.xz
 665b864f11ad0eb233cf750d89c58a98af229365257dda3127867373455e0722 9088 python-git_2.1.11-1+deb10u1_all.buildinfo
Files:
 a3c773074b24a6c9a78c1e67311f6899 2459 python optional python-git_2.1.11-1+deb10u1.dsc
 cee43a39a1468084d49d1c49fb675204 428531 python optional python-git_2.1.11.orig.tar.gz
 a7c2dabd5c05101a0d6a7ef9d41a72b8 14112 python optional python-git_2.1.11-1+deb10u1.debian.tar.xz
 189f350118d823674d36ec3f92478203 9088 python optional python-git_2.1.11-1+deb10u1_all.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE1vEOfV7HXWKqBieIDTl9HeUlXjAFAmS+yMoACgkQDTl9HeUl
XjCmZw/9E2a/qUNDNicVGPy5avxOTp4fif/TBvbHdLz0fwZdWslVBHyHvAwbzsRn
5OLHuIqNokQgVN44yMAsldAppyCB4HUwVjufnDlEe+ycYnt+o+P2D+flU6iAAY+m
cS4sZg6wHBpaJiPaa7GOP28rf3RuzDJKVubdOWX2zesR4REnBvdSc34O4K4NwB4d
wbIxhIXmDXSokBerxv5ISPzTN5ym6D8gNLX1Z/VOb+OD60HOrjwY13qXsJbNKiGL
jj8jZaCtRVN4nUWSntQ8+rffLi8x+ufmJ6Ej2Y0+hpwtriacOWOw2kFsMDK25+b+
xOSIzoWq/EwdaoWkD3rif6nWcsVCIbVPwi1GMG9wq7pJAuGDt+0/vdcF/30tnyZc
ldKTu5nTRAyiURq8NV/ofCifNUw9BV8vSYDb07OMICAjf9tPP3VdEG1p9yVeVyEL
cHcLp0srhbRdj7kgKQzkXHevr7bC2o6x7xgqt3GcmQ5Oi0phxD9CTinH3sdHxm3e
BwRinbgxcuFIH8GqpQXzJVuOArDwAmWE2l/UDiCETCJkA1fNcgJkR2GbosIasjk2
5Z66dth+ECEHXkESFu+kzXSb/BYGrMueKy70x7aRklT7bUEZFLDSWIf0RspcWZLP
rWPosXSR1KthnfFxVn3INz71HBVn2VmPGEIFtSgJxkuQQsG8lcE=
=jumt
-----END PGP SIGNATURE-----

python-git 3.1.30-1 MIGRATED to testing

Wed, 11 Jan 2023 04:39:34 +0000

From: [email protected]" target="_blank">Debian testing watch <[email protected]>
Subject: python-git 3.1.30-1 MIGRATED to testing
To: [email protected]" target="_blank"> <[email protected]>
Date: Wed, 11 Jan 2023 04:39:13 +0000

FYI: The status of the python-git source package
in Debian's testing distribution has changed.

  Previous version: 3.1.27-1
  Current version:  3.1.30-1

-- 
This email is automatically generated once a day.  As the installation of
new packages into testing happens multiple times a day you will receive
later changes on the next day.
See https://release.debian.org/testing-watch/ for more information.

Accepted python-git 3.1.30-1 (source) into unstable

Sat, 07 Jan 2023 18:40:12 +0000

From: [email protected]" target="_blank">Debian FTP Masters <[email protected]>
To: [email protected]" target="_blank"> <[email protected]>
Subject: Accepted python-git 3.1.30-1 (source) into unstable
Date: Sat, 07 Jan 2023 18:40:07 +0000
Signed by: [email protected]" target="_blank">Jochen Sprickerhof <[email protected]>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 07 Jan 2023 15:36:58 +0100
Source: python-git
Architecture: source
Version: 3.1.30-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Python Team <[email protected]>
Changed-By: Jochen Sprickerhof <[email protected]>
Closes: 1018503 1027163
Changes:
 python-git (3.1.30-1) unstable; urgency=medium
 .
   [ Debian Janitor ]
   * Team upload.
   * Update standards version to 4.6.1, no changes needed.
 .
   [ Jochen Sprickerhof ]
   * Switch d/watch to Github
   * New upstream version 3.1.30 (Closes: #1027163)
     - CVE-2022-24439: Remote Code Execution
   * Minimize d/rules
   * Update (build) dependencies (Closes: #1018503)
   * Add autopkgtest
   * Drop salsa-ci.yml
   * Bump policy version (no changes)
   * Move package description to source package
   * Add R³
Checksums-Sha1:
 47be56d2419f5b9b88c56c04c6bc142f86ec188c 2742 python-git_3.1.30-1.dsc
 182e33029e675dc700d90006c6508e31a2579b10 477652 python-git_3.1.30.orig.tar.gz
 f43bd6d90ebf49287b367c73fed35cc9f2448abf 6864 python-git_3.1.30-1.debian.tar.xz
 c56e518f0076cb997d310fd4e7f609f976b071a7 7471 python-git_3.1.30-1_source.buildinfo
Checksums-Sha256:
 902263de7b2dae1a27293582ee79c46d0157f20ad80fbd1947a58ab42835820b 2742 python-git_3.1.30-1.dsc
 faa4b66b0b75f172358fbb75243c9d2a70b26623232eef365739fc96e9ecffc8 477652 python-git_3.1.30.orig.tar.gz
 bb5c80a375b1ebac16a400565e458696c5c2acc9e3eb159b7fb00b3b45380b19 6864 python-git_3.1.30-1.debian.tar.xz
 537fe7ae5c9430fabae5ed3c41c3dba2845df6886ea8bf6da8aeae3f39690df2 7471 python-git_3.1.30-1_source.buildinfo
Files:
 cf803b9b3173100a59151b4b3c7dc49a 2742 python optional python-git_3.1.30-1.dsc
 50bee4876f7e4ac3a67111c0aa602d0d 477652 python optional python-git_3.1.30.orig.tar.gz
 ff7e9a14718b141d0c39e03c7bdc1d66 6864 python optional python-git_3.1.30-1.debian.tar.xz
 2bbcbcaa974dceba4e20c75ea679720f 7471 python optional python-git_3.1.30-1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEc7KZy9TurdzAF+h6W//cwljmlDMFAmO5iEkACgkQW//cwljm
lDMC1hAAjYgSmM+2Ew8k4SiMUe+aQOp38v9K4duGX4STtvgO2tqojqnXOT2Bwy27
kKq691cnZIeOpOmjFWa6QbxmQGrs4gJABcKiDIHexR3yYOLmmoamWj5nXJWF8Xms
XXKlAnL/FA64wnGSdWXBUjZBiKZ1lHc8tyP610joswpfyNkeqFVn8JyKj3gHyUIn
QMVjDFjVR7YtmMTnvRCcy3hYHXhBEqsVVK3e+B3GvovQySyx8Ye+BuesaMDllOjJ
bpUj73AiS0QkXW3UjW4AN+Nb966DqDUhnpYjg6+Rsqh5+qIjpHP8ajfiCf4/SrQY
02IPzF2j6hyD3OqihcCwRoASV3cUFZxE15Bx0HOcVjd/zUdbr3PHmaDrMGLPtjKk
6P4eprXyAaLlUkvNm1tboXmTx2WYbOO9C8aLOokpcgOl1kQA02AzteZVEaVBXmlt
btp5GooqeVhpVzOFaKBEj0/q4LWnvyXafu8gi50Ak5ljywTXaoQuo6kufkTU/Cch
d3o78YpDgOSDmuJpYuDK1SWDZGoBs5nLEPAQhIeF8Z5CcetjZPp3hYvL0aDk/gVy
luOQ5t3w6Vl3Qx7i8xH4xp/wPyPVwyGPPdpbACdvQ40pPUANHow/mUKnTnPGI7gl
O7ocN9sZ9JgrEeqEDr4yMpIVN/GC3adgEo+oV5P5ux4TVSdLQTc=
=gpgj
-----END PGP SIGNATURE-----

python-git 3.1.27-1 MIGRATED to testing

Thu, 07 Apr 2022 04:39:19 +0000

From: [email protected]" target="_blank">Debian testing watch <[email protected]>
Subject: python-git 3.1.27-1 MIGRATED to testing
To: [email protected]" target="_blank"> <[email protected]>
Date: Thu, 07 Apr 2022 04:39:07 +0000

FYI: The status of the python-git source package
in Debian's testing distribution has changed.

  Previous version: 3.1.24-1
  Current version:  3.1.27-1

-- 
This email is automatically generated once a day.  As the installation of
new packages into testing happens multiple times a day you will receive
later changes on the next day.
See https://release.debian.org/testing-watch/ for more information.

Accepted python-git 3.1.27-1 (source) into unstable

Fri, 01 Apr 2022 14:37:39 +0000

From: [email protected]" target="_blank">Debian FTP Masters <[email protected]>
To: [email protected]" target="_blank"> <[email protected]>
Subject: Accepted python-git 3.1.27-1 (source) into unstable
Date: Fri, 01 Apr 2022 14:37:35 +0000
Signed by: [email protected]" target="_blank">TANIGUCHI Takaki <[email protected]>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 01 Apr 2022 22:47:57 +0900
Source: python-git
Architecture: source
Version: 3.1.27-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Python Team <[email protected]>
Changed-By: TANIGUCHI Takaki <[email protected]>
Changes:
 python-git (3.1.27-1) unstable; urgency=medium
 .
   * New upstream version 3.1.27
Checksums-Sha1:
 799c1d66aa132a6100f883d9976aa544640d8301 2327 python-git_3.1.27-1.dsc
 cfff8740595059a8fbd8e0b027fe238c26de2e82 192188 python-git_3.1.27.orig.tar.gz
 fbf3467df9c023cdec6032fd20ad73c4175d101e 6952 python-git_3.1.27-1.debian.tar.xz
 a77d02e142d7e72663ff83fe91d09e24d38a9316 9058 python-git_3.1.27-1_source.buildinfo
Checksums-Sha256:
 c9dde326d918cf83fcc6d69743c948dcca4bd3a75fddde8549064021e57382cb 2327 python-git_3.1.27-1.dsc
 1c885ce809e8ba2d88a29befeb385fcea06338d3640712b59ca623c220bb5704 192188 python-git_3.1.27.orig.tar.gz
 d414dacf2784b64915e8aa7d5459fb4b9c1f018a614096d11538dee1d5678fb9 6952 python-git_3.1.27-1.debian.tar.xz
 a8307305d3a392369b16ea6099e408d2c5f2488c8e8eb4ad48b0979c85512030 9058 python-git_3.1.27-1_source.buildinfo
Files:
 25723baa0eca475781c04ea3875e3960 2327 python optional python-git_3.1.27-1.dsc
 dc3bde87ec2c22b8117eecc1c351c417 192188 python optional python-git_3.1.27.orig.tar.gz
 3fe44d5818402ed77ddaa3bfbfc5bcd0 6952 python optional python-git_3.1.27-1.debian.tar.xz
 926b802575e67e204d1135da7c4067ff 9058 python optional python-git_3.1.27-1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJGBAEBCAAwFiEE0kq/0SfNJVahPGx5zBSfbCil4lcFAmJHApwSHHRha2FraUBk
ZWJpYW4ub3JnAAoJEMwUn2wopeJXgzAP+gIGLozDNvsqx+YEmpbWRT2LkUj5GcHQ
67t5bh3Wgmxt60Q4+OHjyEokx/uiH3unzNN+4vtKo3WMOzb74j5vqE6qt7VKiJ/3
gtvvSZ8wK2uYnKz2ylErrg1C7Kh4FnoUVU66M9G/Juriok4kit3cFODaFvJ8PBD3
/tOnR1PJ2j/cFWNp+YgyvrgmG2TzzxaMgSyE5bPrsRDafaPmqsztywCxnwNBBSHV
DJhXjkpndPlBXk34JrK9blNnM9CCFlrTXJJ5eBUeLo3V4dkfxz74jeThVdzIjfOL
o5wJLCwdBwbywBw16YzKcWUt+lnJQau5QkWXKteQ/QlFftJDx6jCxKEw2LO1LHAl
oY4bznNXGjvqo4ZnYUftNQmq7NDrXb43Mrwz5uiqoN73KyjFe8NvbtkyzNkr8HBQ
ZL6g2a/R7d6Rv++3/pTiCXyXbe/6CacRL7y9D8+BplVbB7fL11WEJFaIQL2Rbm8J
AApC5T9m225cC7adPzGr5m91CodDTzR86eii3c4SFp1BIAP3ZIAR3/MawbxhymKA
uML71/OP1hnU8vNEvzR+nWPTuXY0lBma0lbS1MCSpedllFpmyK3mcx+hNbGZXsVM
KA7zvXNsiDNslhfn3B9NlFhBDIZcjmtdGwiM3zbiFJiTr2wULuC9wZjr3qQQqMo/
CuyvKzcmxeCJ
=LX5I
-----END PGP SIGNATURE-----

python-git 3.1.24-1 MIGRATED to testing

Fri, 03 Dec 2021 04:39:28 +0000

From: [email protected]" target="_blank">Debian testing watch <[email protected]>
Subject: python-git 3.1.24-1 MIGRATED to testing
To: [email protected]" target="_blank"> <[email protected]>
Date: Fri, 03 Dec 2021 04:39:12 +0000

FYI: The status of the python-git source package
in Debian's testing distribution has changed.

  Previous version: 3.1.23-1
  Current version:  3.1.24-1

-- 
This email is automatically generated once a day.  As the installation of
new packages into testing happens multiple times a day you will receive
later changes on the next day.
See https://release.debian.org/testing-watch/ for more information.