Overview

File _patchinfo of Package patchinfo.34823

<patchinfo incident="34823">
  <issue tracker="bnc" id="1219660">VUL-0: CVE-2024-24577: git,libgit2: arbitrary code execution due to heap corruption in git_index_add</issue>
  <issue tracker="bnc" id="1219664">VUL-0: CVE-2024-24575: git,libgit2: potential infinite loop condition in git_revparse_single()</issue>
  <issue tracker="cve" id="2024-24577"/>
  <issue tracker="cve" id="2024-24575"/>
  <packager>sbradnick</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for libgit2</summary>
  <description>This update for libgit2 fixes the following issues:

Update to 1.7.2:

Security fixes:

- CVE-2024-24577: Fixed arbitrary code execution due to heap corruption in git_index_add (bsc#1219660)
- CVE-2024-24575: Fixed potential infinite loop condition in git_revparse_single() (bsc#1219664)

Other fixes:
- A bug in the smart transport negotiation could have caused an out-of-bounds read when a remote server did not advertise capabilities.
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places