Overview Details Repositories Revisions Requests Users Attributes Meta
Security update for libgit2

This update for libgit2 fixes the following issues:

- CVE-2016-10130: When using the custom certificate callback or when using pygit2 or git2go a attacker could have caused an invalid certificate to be accepted (bsc#1019037).
- CVE-2017-5338: When using the custom certificate callback or when using pygit2 or git2go a attacker could have caused an invalid certificate to be accepted (bsc#1019037).
- CVE-2017-5339: When using the custom certificate callback or when using pygit2 or git2go a attacker could have caused an invalid certificate to be accepted (bsc#1019037).
- CVE-2016-10128: Additional sanitization prevent some edge cases in the Git Smart Protocol which can lead to reading outside of a buffer (bsc#1019036).
- CVE-2016-10129: Additional sanitization prevent some edge cases in the Git Smart Protocol which can lead to reading outside of a buffer (bsc#1019036).

Fixed bugs
bnc#1019037
VUL-0: CVE-2016-10130,CVE-2017-5338,CVE-2017-5339: libgit2: MITM possible due to lack of parameter for certificate parameter
bnc#1019036
VUL-0: CVE-2016-10128,CVE-2016-10129: libgit2: edge cases in the Git Smart Protocol can lead to attempting to parse outside of the buffer
CVE-2016-10130
CVE-2016-10128
CVE-2016-10129
CVE-2017-5339
CVE-2017-5338
Selected Binaries
openSUSE Build Service is sponsored by
Places