golang-github-go-git-go-git (5.4.2-4ubuntu0.24.04.3+esm2) noble-security; urgency=medium

  * SECURITY UPDATE: Denial of service during pull operations
    - debian/patches/CVE-2023-49568.patch: Stop commit iteration at earliest
      shallow boundary during pull operations in remote.go and worktree.go
    - CVE-2023-49568
  * SECURITY UPDATE: Path traversal when crafted reference names allow
    filesystem writes outside repository paths
    - debian/patches/CVE-2023-49569.patch: Validate Git reference names before
      creating branches, tags, and remotes in plumbing/reference.go
    - CVE-2023-49569
  * SECURITY UPDATE: Argument injection when git-upload-pack flags are modified
    - debian/patches/CVE-2025-21613.patch: Convert file transport endpoint
      paths to absolute paths in plumbing/transport/common.go
    - CVE-2025-21613
  * SECURITY UPDATE: Denial of service during sideband stream processing
    - debian/patches/CVE-2025-21614.patch: Return io.EOF on empty sideband
      packets to terminate demux scanner correctly in
      plumbing/protocol/packp/sideband/demux.go
    - CVE-2025-21614
  * SECURITY UPDATE: Data integrity validation failure when corrupted packfiles
    bypass checksum verification
    - debian/patches/CVE-2026-25934.patch: Detect malformed packfiles during
      parsing in plumbing/format/packfile/parser.go and scanner.go
    - CVE-2026-25934

 -- Shafayat Hossain Majumder <shafayat.majumder@canonical.com>  Wed, 11 Mar 2026 09:22:21 -0400

golang-github-go-git-go-git (5.4.2-4ubuntu0.24.04.3+esm1) noble-security; urgency=medium

  * No change rebuild due to golang-golang-x-net and golang-1.22 update

 -- Evan Caville <evan.caville@canonical.com>  Fri, 18 Jul 2025 13:12:45 +1000

golang-github-go-git-go-git (5.4.2-4ubuntu0.24.04.2+esm1) noble-security; urgency=medium

  * No change rebuild due to golang-golang-x-net update

 -- Hlib Korzhynskyy <hlib.korzhynskyy@canonical.com>  Mon, 24 Feb 2025 17:26:02 -0330

golang-github-go-git-go-git (5.4.2-4ubuntu0.24.04.2) noble-security; urgency=medium

  * No change rebuild due to golang-1.22 update

 -- Evan Caville <evan.caville@canonical.com>  Fri, 01 Nov 2024 10:16:25 +0100

golang-github-go-git-go-git (5.4.2-4ubuntu0.24.04.1) noble-security; urgency=medium

  * No change rebuild due to golang-1.21 update

 -- Nishit Majithia <nishit.majithia@canonical.com>  Fri, 12 Jul 2024 13:41:12 +0530

golang-github-go-git-go-git (5.4.2-4) unstable; urgency=medium

  * Team upload.
  * Add tzdata to Build-Depends. Closes: #1027907.

 -- Santiago Vila <sanvila@debian.org>  Tue, 31 Oct 2023 23:45:00 +0100

golang-github-go-git-go-git (5.4.2-3) unstable; urgency=medium

  * Source only upload for migration to testing

 -- Pirate Praveen <praveen@debian.org>  Mon, 22 Nov 2021 10:07:32 +0530

golang-github-go-git-go-git (5.4.2-2) unstable; urgency=medium

  * Rebuild for unique version in DAK (-1 was REJECTED)

 -- Pirate Praveen <praveen@debian.org>  Fri, 19 Nov 2021 18:22:58 +0530

golang-github-go-git-go-git (5.4.2-1) unstable; urgency=medium

  * Initial release (Closes: #998884)

 -- Pirate Praveen <praveen@debian.org>  Tue, 09 Nov 2021 17:33:39 +0530
