Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP5:GA
patchinfo.9827
_patchinfo
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _patchinfo of Package patchinfo.9827
<patchinfo incident="9827"> <issue tracker="bnc" id="1114729">VUL-0: libgit2: various string-to-integer and buffer handling issues fixed in 0.27.6, 0.26.8</issue> <issue tracker="bnc" id="1100612">VUL-0: CVE-2018-10888: libgit2: an improper input validation leads to an out-of-bound read in git_delta_apply, allowing to read beyond delta limits</issue> <issue tracker="bnc" id="1100613">VUL-0: CVE-2018-10887: libgit2: integer overflow leads to out-of-bounds read in git_delta_apply, allowing to read before base array</issue> <issue tracker="bnc" id="1095219">VUL-0: CVE-2018-11235: git,libgit2: arbitrary code execution when recursively cloning a malicious repository</issue> <issue tracker="bnc" id="1110949">VUL-0: CVE-2018-17456: git,libgit2: arbitrary code execution via .gitmodules</issue> <issue tracker="bnc" id="1085256">VUL-1: CVE-2018-8099: libgit2: Incorrect returning of an error code in the index.c:read_entry() function leads to a double free, which allows an attacker to cause a denial of service via a crafted repository index</issue> <issue tracker="bnc" id="1104641">VUL-0: CVE-2018-15501: libgit2: out-of-bounds reads when processing smart-protocol "ng" packets</issue> <issue tracker="cve" id="2018-11235"/> <issue tracker="cve" id="2018-8099"/> <issue tracker="cve" id="2018-10887"/> <issue tracker="cve" id="2018-10888"/> <issue tracker="cve" id="2018-15501"/> <issue tracker="cve" id="2018-19456"/> <category>security</category> <rating>important</rating> <packager>mgorse</packager> <description>This update for libgit2 fixes the following issues: Security issues fixed: - CVE-2018-19456: Fixed a code execution by malicious .gitmodules file (bsc#1110949) - CVE-2018-11235: Fixed a remote code execution via submodules in the .gitmodules file (bsc#1095219) - CVE-2018-10887: Fixed a sign extension of big left-shift (bsc#1100613). - CVE-2018-10888: Fixed a out-of-bounds read in the git_delta_apply function (bsc#1100612). - CVE-2018-10887: Fixed a integer overflow in the git_delta_apply function (bsc#1100613). - CVE-2018-15501: fix potential out-of-bounds read when processing a "ng" smart packet (bsc#1104641). - CVE-2018-8099: Fixed a denial of service via a crafted repository index file (bsc#1085256). - various string-to-integer and buffer handling fixes (bsc#1114729). </description> <summary>Security update for libgit2</summary> </patchinfo>
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor