AVG-131 log
| Package | libgit2 |
| Status | Fixed |
| Severity | High |
| Type | multiple issues |
| Affected | 1:0.24.3-1 |
| Fixed | 1:0.24.6-1 |
| Current | 1:1.8.0-2 [extra] |
| Ticket | None |
| Created | Wed Jan 11 08:20:34 2017 |
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2016-10130 | High | Yes | Insufficient validation | An issue has been discovered when checking certificate validity before clobbering the error variable. A valid parameter is provided to indicate whether the... |
| CVE-2016-10129 | Medium | Yes | Denial of service | The Git protocol does not specify what should happen in the case of an empty packet line (that is a packet line "0004"). currently it indicates success, but... |
| CVE-2016-10128 | High | Yes | Arbitrary code execution | Each packet line in the Git protocol is prefixed by a four-byte length of how much data will follow, which we parse in `git_pkt_parse_line`. The transmitted... |
| Date | Advisory | Package | Type |
|---|---|---|---|
| 15 Jan 2017 | ASA-201701-21 | libgit2 | multiple issues |
| References |
|---|
http://www.openwall.com/lists/oss-security/2017/01/11/6 |
| Notes |
|---|
Missing CVE-2017-5338, CVE-2017-5339 seem to be for test code. |