Overview
Request 621935 accepted
- libgit2 0.27.3:
* CVE-2018-10887 (bsc#1100613), CVE-2018-10888 (bsc#1100612):
Specially crafted delta object in packfiles could trigger an
integer overflow, bypassing input validation and causing the
object database to contain copies of system memory. This may
allow denial of service or, potentially, an information leak
- includes changes from 0.27.2:
* various API and correctnes fixes
* Fixes related to handling of .gitmodules
- includes changes from 0.27.1:
* CVE-2018-11235: insufficient validation of submodule names from
.gitmodules allowed writes to arbitrary paths (bsc#1095219)
* disallow .gitmodules files as symlinks.
- Created by AndreasStieger
- In state accepted
-
Package maintainer:
dimstar
Request History
AndreasStieger created request
- libgit2 0.27.3:
* CVE-2018-10887 (bsc#1100613), CVE-2018-10888 (bsc#1100612):
Specially crafted delta object in packfiles could trigger an
integer overflow, bypassing input validation and causing the
object database to contain copies of system memory. This may
allow denial of service or, potentially, an information leak
- includes changes from 0.27.2:
* various API and correctnes fixes
* Fixes related to handling of .gitmodules
- includes changes from 0.27.1:
* CVE-2018-11235: insufficient validation of submodule names from
.gitmodules allowed writes to arbitrary paths (bsc#1095219)
* disallow .gitmodules files as symlinks.
dimstar accepted request
