File _patchinfo of Package patchinfo.9827

<patchinfo incident="9827">
  <issue tracker="bnc" id="1114729">VUL-0: libgit2: various string-to-integer and buffer handling issues fixed in 0.27.6, 0.26.8</issue>
  <issue tracker="bnc" id="1100612">VUL-0: CVE-2018-10888: libgit2: an improper input validation leads to an out-of-bound read in git_delta_apply, allowing to read beyond delta limits</issue>
  <issue tracker="bnc" id="1100613">VUL-0: CVE-2018-10887: libgit2: integer overflow leads to out-of-bounds read in git_delta_apply, allowing to read before base array</issue>
  <issue tracker="bnc" id="1095219">VUL-0: CVE-2018-11235: git,libgit2: arbitrary code execution when recursively cloning a malicious repository</issue>
  <issue tracker="bnc" id="1110949">VUL-0: CVE-2018-17456: git,libgit2: arbitrary code execution via .gitmodules</issue>
  <issue tracker="bnc" id="1085256">VUL-1: CVE-2018-8099: libgit2: Incorrect returning of an error code in the index.c:read_entry() function leads to a double free, which allows an attacker to cause a denial of service via a crafted repository index</issue>
  <issue tracker="bnc" id="1104641">VUL-0: CVE-2018-15501: libgit2: out-of-bounds reads when processing smart-protocol "ng" packets</issue>
  <issue tracker="cve" id="2018-11235"/>
  <issue tracker="cve" id="2018-8099"/>
  <issue tracker="cve" id="2018-10887"/>
  <issue tracker="cve" id="2018-10888"/>
  <issue tracker="cve" id="2018-15501"/>
  <issue tracker="cve" id="2018-19456"/>
  <category>security</category>
  <rating>important</rating>
  <packager>mgorse</packager>
  <description>This update for libgit2 fixes the following issues:

Security issues fixed:

- CVE-2018-19456: Fixed code execution via a malicious .gitmodules file (bsc#1110949).
- CVE-2018-11235: Fixed a remote code execution via submodules in the .gitmodules file (bsc#1095219).
- CVE-2018-10887: Fixed a sign extension of big left-shift (bsc#1100613).
- CVE-2018-10888: Fixed an out-of-bounds read in the git_delta_apply function (bsc#1100612).
- CVE-2018-10887: Fixed an integer overflow in the git_delta_apply function (bsc#1100613).
- CVE-2018-15501: Fixed a potential out-of-bounds read when processing an "ng" smart packet (bsc#1104641).
- CVE-2018-8099: Fixed a denial of service via a crafted repository index file (bsc#1085256).
- Various string-to-integer and buffer handling fixes (bsc#1114729).
</description>
  <summary>Security update for libgit2</summary>
</patchinfo>