{"id":"USN-5376-4","summary":"git regression","details":"USN-5376-1 fixed a vulnerability in Git. It was discovered that the safety\nchecks introduced in the update were not able to be set using the command\nline, contrary to expectations. This update fixes the problem.\n\nWe apologize for the inconvenience.\n\nOriginal advisory details:\n\n 俞晨东 discovered that Git incorrectly handled certain repository paths  in\n platforms with multiple users support. An attacker could possibly use\n this issue to run arbitrary commands.","modified":"2026-02-28T06:27:56.297565Z","published":"2026-02-25T13:35:46Z","references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-5376-4"},{"type":"REPORT","url":"https://launchpad.net/bugs/2142239"}],"affected":[{"package":{"name":"git","ecosystem":"Ubuntu:Pro:20.04:LTS","purl":"pkg:deb/ubuntu/git@1:2.25.1-1ubuntu3.14+esm4?arch=source&distro=esm-infra/focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:2.25.1-1ubuntu3.14+esm4"}]}],"versions":["1:2.20.1-2ubuntu1","1:2.24.0-1ubuntu1","1:2.24.0-1ubuntu2","1:2.25.0-1ubuntu1","1:2.25.1-1ubuntu1","1:2.25.1-1ubuntu2","1:2.25.1-1ubuntu3","1:2.25.1-1ubuntu3.1","1:2.25.1-1ubuntu3.2","1:2.25.1-1ubuntu3.3","1:2.25.1-1ubuntu3.4","1:2.25.1-1ubuntu3.5","1:2.25.1-1ubuntu3.6","1:2.25.1-1ubuntu3.7","1:2.25.1-1ubuntu3.8","1:2.25.1-1ubuntu3.10","1:2.25.1-1ubuntu3.11","1:2.25.1-1ubuntu3.12","1:2.25.1-1ubuntu3.13","1:2.25.1-1ubuntu3.14","1:2.25.1-1ubuntu3.14+esm1","1:2.25.1-1ubuntu3.14+esm2","1:2.25.1-1ubuntu3.14+esm3"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro","binaries":[{"binary_name":"git","binary_version":"1:2.25.1-1ubuntu3.14+esm4"},{"binary_name":"git-all","binary_version":"1:2.25.1-1ubuntu3.14+esm4"},{"binary_name":"git-cvs","binary_version":"1:2.25.1-1ubuntu3.14+esm4"},{"binary_name":"git-daemon-run","binary_version":"1:2.25.1-1ubuntu3.14+esm4"},{"binary_name":"git-daemon-sysvinit","binary_version":"1:2.25.1-1ubuntu3.14+esm4"},{"binary_name":"git-el","binary_version":"1:2.25.1-1ubuntu3.14+esm4"},{"binary_name":"git-email","binary_version":"1:2.25.1-1ubuntu3.14+esm4"},{"binary_name":"git-gui","binary_version":"1:2.25.1-1ubuntu3.14+esm4"},{"binary_name":"git-man","binary_version":"1:2.25.1-1ubuntu3.14+esm4"},{"binary_name":"git-mediawiki","binary_version":"1:2.25.1-1ubuntu3.14+esm4"},{"binary_name":"git-svn","binary_version":"1:2.25.1-1ubuntu3.14+esm4"},{"binary_name":"gitk","binary_version":"1:2.25.1-1ubuntu3.14+esm4"},{"binary_name":"gitweb","binary_version":"1:2.25.1-1ubuntu3.14+esm4"}]},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:Pro:20.04:LTS","cves":[]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5376-4.json"}},{"package":{"name":"git","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/git@1:2.34.1-1ubuntu1.16?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:2.34.1-1ubuntu1.16"}]}],"versions":["1:2.32.0-1ubuntu1","1:2.33.1-1ubuntu1","1:2.34.1-1ubuntu1","1:2.34.1-1ubuntu1.1","1:2.34.1-1ubuntu1.2","1:2.34.1-1ubuntu1.4","1:2.34.1-1ubuntu1.5","1:2.34.1-1ubuntu1.6","1:2.34.1-1ubuntu1.8","1:2.34.1-1ubuntu1.9","1:2.34.1-1ubuntu1.10","1:2.34.1-1ubuntu1.11","1:2.34.1-1ubuntu1.12","1:2.34.1-1ubuntu1.13","1:2.34.1-1ubuntu1.14","1:2.34.1-1ubuntu1.15"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_name":"git","binary_version":"1:2.34.1-1ubuntu1.16"},{"binary_name":"git-all","binary_version":"1:2.34.1-1ubuntu1.16"},{"binary_name":"git-cvs","binary_version":"1:2.34.1-1ubuntu1.16"},{"binary_name":"git-daemon-run","binary_version":"1:2.34.1-1ubuntu1.16"},{"binary_name":"git-daemon-sysvinit","binary_version":"1:2.34.1-1ubuntu1.16"},{"binary_name":"git-email","binary_version":"1:2.34.1-1ubuntu1.16"},{"binary_name":"git-gui","binary_version":"1:2.34.1-1ubuntu1.16"},{"binary_name":"git-man","binary_version":"1:2.34.1-1ubuntu1.16"},{"binary_name":"git-mediawiki","binary_version":"1:2.34.1-1ubuntu1.16"},{"binary_name":"git-svn","binary_version":"1:2.34.1-1ubuntu1.16"},{"binary_name":"gitk","binary_version":"1:2.34.1-1ubuntu1.16"},{"binary_name":"gitweb","binary_version":"1:2.34.1-1ubuntu1.16"}]},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:22.04:LTS","cves":[]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5376-4.json"}}],"schema_version":"1.7.3"}