AVG-45

Package libgit2
Status Fixed
Severity Low
Type denial of service
Affected 1:0.24.2-1
Fixed 1:0.24.3-1
Current 1:0.26.0-1 [extra]
Ticket None
Created Sun Oct 9 21:18:42 2016
Issue Severity Remote Type Description
CVE-2016-8569 Low Yes Denial of service
A null pointer dereference has been discovered while showing a malformed object file.
CVE-2016-8568 Low Yes Denial of service
A heap-based read out-of-bounds access has been discovered while parsing a malformed object file.
Date Advisory Package Description
16 Nov 2016 ASA-201611-17 libgit2 denial of service
References
http://seclists.org/oss-sec/2016/q4/64
Notes
Fixes:
https://github.com/libgit2/libgit2/commit/4974e3a59648095ffa6fce6c5b651a820c0c34b9
https://github.com/libgit2/libgit2/commit/a719ef5e6d4a1a8ec53469c7914032ed67922772