Overview

File _patchinfo of Package patchinfo.8189

<patchinfo incident="8189">
  <issue id="1095219" tracker="bnc">VUL-0: CVE-2018-11235: git,libgit2: arbitrary code execution when recursively cloning a malicious repository</issue>
  <issue id="1100612" tracker="bnc">VUL-0: CVE-2018-10888: libgit2: an improper input validation leads to an out-of-bound read in git_delta_apply, allowing to read beyond delta limits</issue>
  <issue id="1100613" tracker="bnc">VUL-0: CVE-2018-10887: libgit2: integer overflow leads to out-of-bounds read in git_delta_apply, allowing to read before base array</issue>
  <issue id="1104641" tracker="bnc">VUL-0: libgit2: out-of-bounds reads when processing smart-protocol "ng" packets</issue>
  <issue tracker="cve" id="2018-11235"/>
  <issue tracker="cve" id="2018-10888"/>
  <issue tracker="cve" id="2018-10887"/>
  <issue tracker="cve" id="2018-15501"/>
  <category>security</category>
  <rating>important</rating>
  <packager>mgorse</packager>
  <description>This update for libgit2 to version 0.26.5 fixes the following issues:

The following security vulnerabilities were addressed:

- CVE-2018-10887: Fixed an integer overflow which in turn leads to an out of
  bound read, allowing to read the base object, which could be exploited by
  an attacker to cause denial of service (DoS) (bsc#1100613).
- CVE-2018-10888: Fixed an out-of-bound read while reading a binary delta file,
  which could be exploited by an attacker t ocause a denial of service (DoS)
  (bsc#1100612).
- CVE-2018-11235: Fixed a remote code execution, which could occur with a
  crafted .gitmodules file (bsc#1095219)
- CVE-2018-15501: Prevent out-of-bounds reads when processing smart-protocol "ng" packets
  (bsc#1104641)
</description>
  <summary>Security update for libgit2</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places