AVG-131

Package libgit2
Status Fixed
Severity High
Type multiple issues
Affected 1:0.24.3-1
Fixed 1:0.24.6-1
Current 1:0.27.0-1 [extra]
Ticket None
Created Wed Jan 11 08:20:34 2017
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2016-10130 | High | Yes | Insufficient validation | An issue has been discovered when checking certificate validity before clobbering the error variable. A valid parameter is provided to indicate whether the... |
| CVE-2016-10129 | Medium | Yes | Denial of service | The Git protocol does not specify what should happen in the case of an empty packet line (that is, a packet line "0004"). Currently it indicates success, but... |
| CVE-2016-10128 | High | Yes | Arbitrary code execution | Each packet line in the Git protocol is prefixed by a four-byte length of how much data will follow, which we parse in `git_pkt_parse_line`. The transmitted... |
| Date | Advisory | Package | Description |
|---|---|---|---|
| 15 Jan 2017 | ASA-201701-21 | libgit2 | multiple issues |
References
http://www.openwall.com/lists/oss-security/2017/01/11/6
Notes
The missing CVE-2017-5338 and CVE-2017-5339 seem to be for test code.