Security update for libgit2
This update for libgit2 fixes the following issues:
Security issue fixed:
- CVE-2018-17456: Submodule URLs and paths with a leading "-" are now ignored to avoid injecting options into library consumers that perform recursive clones (bsc#1110949).
Non-security issues fixed:
- Version update to version 0.26.8 (bsc#1114729).
- Full changelog can be found at:
* https://github.com/libgit2/libgit2/releases/tag/v0.26.8
* https://github.com/libgit2/libgit2/releases/tag/v0.26.7
This update was imported from the SUSE:SLE-15:Update update project.
-
Submitted by
Michael Gorse (mgorse)
Fixed bugs
bnc#1114729
VUL-0: libgit2: various string-to-integer and buffer handling issues fixed in 0.27.6, 0.26.8
bnc#1110949
VUL-0: CVE-2018-17456: git,libgit2: arbitrary code execution via .gitmodules
