USN-5376-4

Source
https://ubuntu.com/security/notices/USN-5376-4
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5376-4.json
JSON Data
https://api.osv.dev/v1/vulns/USN-5376-4
Published
2026-02-25T13:35:46Z
Modified
2026-02-28T06:27:56.297565Z
Summary
git regression
Details

USN-5376-1 fixed a vulnerability in Git. It was discovered that the safety checks introduced in that update could not be set using the command line, contrary to expectations. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

俞晨东 discovered that Git incorrectly handled certain repository paths on platforms with multi-user support. An attacker could possibly use this issue to run arbitrary commands.

References

Affected packages

Ubuntu:Pro:20.04:LTS / git

Package

Name
git
Purl
pkg:deb/ubuntu/git@1:2.25.1-1ubuntu3.14+esm4?arch=source&distro=esm-infra/focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1:2.25.1-1ubuntu3.14+esm4

Affected versions

1:2.*
1:2.20.1-2ubuntu1
1:2.24.0-1ubuntu1
1:2.24.0-1ubuntu2
1:2.25.0-1ubuntu1
1:2.25.1-1ubuntu1
1:2.25.1-1ubuntu2
1:2.25.1-1ubuntu3
1:2.25.1-1ubuntu3.1
1:2.25.1-1ubuntu3.2
1:2.25.1-1ubuntu3.3
1:2.25.1-1ubuntu3.4
1:2.25.1-1ubuntu3.5
1:2.25.1-1ubuntu3.6
1:2.25.1-1ubuntu3.7
1:2.25.1-1ubuntu3.8
1:2.25.1-1ubuntu3.10
1:2.25.1-1ubuntu3.11
1:2.25.1-1ubuntu3.12
1:2.25.1-1ubuntu3.13
1:2.25.1-1ubuntu3.14
1:2.25.1-1ubuntu3.14+esm1
1:2.25.1-1ubuntu3.14+esm2
1:2.25.1-1ubuntu3.14+esm3

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "git",
            "binary_version": "1:2.25.1-1ubuntu3.14+esm4"
        },
        {
            "binary_name": "git-all",
            "binary_version": "1:2.25.1-1ubuntu3.14+esm4"
        },
        {
            "binary_name": "git-cvs",
            "binary_version": "1:2.25.1-1ubuntu3.14+esm4"
        },
        {
            "binary_name": "git-daemon-run",
            "binary_version": "1:2.25.1-1ubuntu3.14+esm4"
        },
        {
            "binary_name": "git-daemon-sysvinit",
            "binary_version": "1:2.25.1-1ubuntu3.14+esm4"
        },
        {
            "binary_name": "git-el",
            "binary_version": "1:2.25.1-1ubuntu3.14+esm4"
        },
        {
            "binary_name": "git-email",
            "binary_version": "1:2.25.1-1ubuntu3.14+esm4"
        },
        {
            "binary_name": "git-gui",
            "binary_version": "1:2.25.1-1ubuntu3.14+esm4"
        },
        {
            "binary_name": "git-man",
            "binary_version": "1:2.25.1-1ubuntu3.14+esm4"
        },
        {
            "binary_name": "git-mediawiki",
            "binary_version": "1:2.25.1-1ubuntu3.14+esm4"
        },
        {
            "binary_name": "git-svn",
            "binary_version": "1:2.25.1-1ubuntu3.14+esm4"
        },
        {
            "binary_name": "gitk",
            "binary_version": "1:2.25.1-1ubuntu3.14+esm4"
        },
        {
            "binary_name": "gitweb",
            "binary_version": "1:2.25.1-1ubuntu3.14+esm4"
        }
    ],
    "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro"
}

Database specific

cves_map
{
    "cves": [],
    "ecosystem": "Ubuntu:Pro:20.04:LTS"
}
source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5376-4.json"

Ubuntu:22.04:LTS / git

Package

Name
git
Purl
pkg:deb/ubuntu/git@1:2.34.1-1ubuntu1.16?arch=source&distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1:2.34.1-1ubuntu1.16

Affected versions

1:2.*
1:2.32.0-1ubuntu1
1:2.33.1-1ubuntu1
1:2.34.1-1ubuntu1
1:2.34.1-1ubuntu1.1
1:2.34.1-1ubuntu1.2
1:2.34.1-1ubuntu1.4
1:2.34.1-1ubuntu1.5
1:2.34.1-1ubuntu1.6
1:2.34.1-1ubuntu1.8
1:2.34.1-1ubuntu1.9
1:2.34.1-1ubuntu1.10
1:2.34.1-1ubuntu1.11
1:2.34.1-1ubuntu1.12
1:2.34.1-1ubuntu1.13
1:2.34.1-1ubuntu1.14
1:2.34.1-1ubuntu1.15

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "git",
            "binary_version": "1:2.34.1-1ubuntu1.16"
        },
        {
            "binary_name": "git-all",
            "binary_version": "1:2.34.1-1ubuntu1.16"
        },
        {
            "binary_name": "git-cvs",
            "binary_version": "1:2.34.1-1ubuntu1.16"
        },
        {
            "binary_name": "git-daemon-run",
            "binary_version": "1:2.34.1-1ubuntu1.16"
        },
        {
            "binary_name": "git-daemon-sysvinit",
            "binary_version": "1:2.34.1-1ubuntu1.16"
        },
        {
            "binary_name": "git-email",
            "binary_version": "1:2.34.1-1ubuntu1.16"
        },
        {
            "binary_name": "git-gui",
            "binary_version": "1:2.34.1-1ubuntu1.16"
        },
        {
            "binary_name": "git-man",
            "binary_version": "1:2.34.1-1ubuntu1.16"
        },
        {
            "binary_name": "git-mediawiki",
            "binary_version": "1:2.34.1-1ubuntu1.16"
        },
        {
            "binary_name": "git-svn",
            "binary_version": "1:2.34.1-1ubuntu1.16"
        },
        {
            "binary_name": "gitk",
            "binary_version": "1:2.34.1-1ubuntu1.16"
        },
        {
            "binary_name": "gitweb",
            "binary_version": "1:2.34.1-1ubuntu1.16"
        }
    ],
    "availability": "No subscription required"
}

Database specific

cves_map
{
    "cves": [],
    "ecosystem": "Ubuntu:22.04:LTS"
}
source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5376-4.json"