Merging debian version 1.3.2-0+deb10u1.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>

1 files changed, 37 insertions, 0 deletions

diff --git a/debian/changelog b/debian/changelog
index 511b147..339632b 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,40 @@
+powerline-gitstatus (1.3.2-0+deb10u1) buster-security; urgency=high
+
+  * Non-maintainer upload by the LTS team.
+  * Fix CVE-2022-42906:
+    Powerline Gitstatus, a statusline plugin for the VIM editor, allows
+    arbitrary code execution. Git repositories can contain per-repository
+    configuration that changes the behavior of git, including running arbitrary
+    commands. When using powerline-gitstatus, changing to a directory
+    automatically runs git commands in order to display information about the
+    current repository in the prompt. If an attacker can convince a user to
+    change their current directory to one controlled by the attacker, such as
+    in a shared filesystem or extracted archive, powerline-gitstatus will run
+    arbitrary commands under the attacker's control.
+
+ -- Markus Koschany <apo@debian.org>  Fri, 20 Jan 2023 16:46:31 +0100
+
+powerline-gitstatus (1.3.2-0+deb11u1) bullseye; urgency=medium
+
+  * New upstream version 1.3.2
+    - Fix command injection via malicious repository config (CVE-2022-42906)
+
+ -- Jérôme Charaoui <jerome@riseup.net>  Wed, 26 Oct 2022 22:54:03 -0400
+
+powerline-gitstatus (1.3.1-2) unstable; urgency=medium
+
+  [ Jann Haber ]
+  * Remove python2 stuff from build-deps, since not used anyway
+    (Closes: #937314)
+
+  [ Samuel Henrique ]
+  * Use debhelper-compat 13
+  * Bump Standards-Version to 4.5.0
+  * Add d/salsa-ci.yml and d/gbp.conf
+  * d/control: Switch maintenance to PAPT team and add myself as an uploader
+
+ -- Samuel Henrique <samueloph@debian.org>  Wed, 08 Jul 2020 21:17:05 +0100
+
 powerline-gitstatus (1.3.1-1progress5u1) engywuck; urgency=medium
 
   * Initial reupload to engywuck.