Debian Linux Security Advisory 5357-1 - yvvdwf found a data exfiltration vulnerability while performing local clone from malicious repository even using a non-local transport. Joern Schneeweisz found a path traversal vulnerability in git-apply that a path outside the working tree can be overwritten as the acting user.
1d3b09b9eb94b59ea608248a20c9b4e2bc7dca85f2496bce60579f548dcd692d