Overview

File _patchinfo of Package patchinfo.4084

<patchinfo incident="4084">
  <issue id="1019037" tracker="bnc">VUL-0: CVE-2016-10130,CVE-2017-5338,CVE-2017-5339: libgit2: MITM possible due to lack of parameter for certificate parameter</issue>
  <issue id="1019036" tracker="bnc">VUL-0: CVE-2016-10128,CVE-2016-10129: libgit2: edge cases in the Git Smart Protocol can lead to attempting to parse outside of the buffer</issue>
  <issue id="2016-10130" tracker="cve" />
  <issue id="2016-10128" tracker="cve" />
  <issue id="2016-10129" tracker="cve" />
  <issue id="2017-5339" tracker="cve" />
  <issue id="2017-5338" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>sreeves1</packager>
  <description>
This update for libgit2 fixes the several issues.

These security issues were fixed:

- CVE-2016-10130: When using the custom certificate callback or when using pygit2 or git2go a attacker could have caused an invalid certificate to be accepted (bsc#1019037).
- CVE-2017-5338: When using the custom certificate callback or when using pygit2 or git2go a attacker could have caused an invalid certificate to be accepted (bsc#1019037).
- CVE-2017-5339: When using the custom certificate callback or when using pygit2 or git2go a attacker could have caused an invalid certificate to be accepted (bsc#1019037).
- CVE-2016-10128: Additional sanitization prevent some edge cases in the Git Smart Protocol which can lead to reading outside of a buffer (bsc#1019036).
- CVE-2016-10129: Additional sanitization prevent some edge cases in the Git Smart Protocol which can lead to reading outside of a buffer (bsc#1019036).
</description>
  <summary>Security update for libgit2</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places