-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5849-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
January 24, 2025                      https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : git-lfs
CVE ID         : CVE-2024-53263

It was discovered that Git LFS, a Git extension for versioning large
files, could leak authentication credentials in some setups.

For the stable distribution (bookworm), this problem has been fixed in
version 3.3.0-1+deb12u1.

We recommend that you upgrade your git-lfs packages.

For the detailed security status of git-lfs please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/git-lfs

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmeT4i0ACgkQEMKTtsN8
TjbXLxAApWN3H3vg6FUtFxUWI7iJcVjoqV4FRRc7dWGdiIPB3SyyvcT2/wbSgZx6
S1SLvJ/vpf8eC/4LlfWkUotXhNSwysM8qLPDUn4n8OM/pjZtQ2R1jQBYAotNVhDA
cKFbbbpELPGZ+HIcN7qjCyT6UdfCqISG5eLCCY7WRU7GVN05/MXBYmFFl6sFD/dQ
uo5eqlCmNp8htdKVkcvbRh6s6+YM3qzvuKXgkrdoblABtI6ALoGXtik0pBI1meO+
9earfYBB3krZmVfbCqzhvL33DZih9RKvsEqDfX+mUWKxNKryoZnznYEQ1m8GsJP+
aLC4xSW1chMlSjBxUWvZPNlihEHWmzFuPGYXhdM9MiQBtXdESyfFqUhZLt+7znHu
2MjvhRcEYtfn+msTa0eIBrMCBwOoUCHeyBL1m/ox3V7EljttezyLvnr7ed77LvSD
p4U75DeGjXpOjUEnaCebS3OOcVe2kOFU0eVtasSPmmUJQQZ6w33AZAQpgXuf84j3
lYJvFWCgZJwM7WDBH+m1OeGFlpNZntFUoU+TneaIcL1emu7hAdF2W+HII4tPOZck
eahAsc3qQvhmPxHJmggqOtPMkT9/1+PPbIg2fxXcCgsKqvB/mse87GUN8jEjAZ+t
iUOKY1u8VDhzV1oUnrpHl6dyLpAzuttg/Kvi9oun2a5faiJEaZQ=
=4gQp
-----END PGP SIGNATURE-----