libgit2

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description A linkable library for Git
Version 1:0.28.4-1 [extra]

Open

Group Affected Fixed Severity Status Ticket
AVG-1075 1:0.28.3-1 High Vulnerable
Issue Group Severity Remote Type Description
CVE-2019-1387 AVG-1075 Medium Yes Arbitrary code execution
A security issue has been found in git before 2.24.1 where recursive clones are currently affected by a vulnerability that is caused by too-lax validation...
CVE-2019-1354 AVG-1075 High Yes Arbitrary code execution
Filenames on Linux/Unix can contain backslashes. On Windows, backslashes are directory separators. Git did not use to refuse to write out tracked files with...
CVE-2019-1353 AVG-1075 Medium Yes Arbitrary code execution
When running Git in the Windows Subsystem for Linux (also known as "WSL") while accessing a working directory on a regular Windows drive, none of the NTFS...
CVE-2019-1352 AVG-1075 Medium Yes Arbitrary code execution
A security issue has been found in git before 2.24.1 where it was unaware of NTFS Alternate Data Streams, allowing files inside the .git/ directory to be...
CVE-2019-1351 AVG-1075 Medium Yes Arbitrary code execution
While the only permitted drive letters for physical drives on Windows are letters of the US-English alphabet, this restriction does not apply to virtual...
CVE-2019-1350 AVG-1075 Medium Yes Arbitrary code execution
Incorrect quoting of command-line arguments allowed remote code execution during a recursive clone in conjunction with SSH URLs.
CVE-2019-1349 AVG-1075 Medium Yes Arbitrary code execution
A security issue has been found in git before 2.24.1 when using submodule paths that refer to the same file system entity (e.g. using the NTFS Alternate...
CVE-2019-1348 AVG-1075 High Yes Arbitrary code execution
A security issue has been found in git before 2.24.1 where the --export-marks option of git fast-import is exposed also via the in- stream command feature...

Resolved

Group Affected Fixed Severity Status Ticket
AVG-131 1:0.24.3-1 1:0.24.6-1 High Fixed
AVG-45 1:0.24.2-1 1:0.24.3-1 Low Fixed
Issue Group Severity Remote Type Description
CVE-2016-10130 AVG-131 High Yes Insufficient validation
An issue has been discovered when checking certificate validity before clobbering the error variable. A valid parameter is provided to indicate whether the...
CVE-2016-10129 AVG-131 Medium Yes Denial of service
The Git protocol does not specify what should happen in the case of an empty packet line (that is a packet line "0004"). currently it indicates success, but...
CVE-2016-10128 AVG-131 High Yes Arbitrary code execution
Each packet line in the Git protocol is prefixed by a four-byte length of how much data will follow, which we parse in `git_pkt_parse_line`. The transmitted...
CVE-2016-8569 AVG-45 Low Yes Denial of service
A null pointer dereference has been discovered while showing a malformed object file.
CVE-2016-8568 AVG-45 Low Yes Denial of service
A heap-based read out-of-bounds access has been discovered while parsing a malformed object file.

Advisories

Date Advisory Group Severity Description
15 Jan 2017 ASA-201701-21 AVG-131 High multiple issues
16 Nov 2016 ASA-201611-17 AVG-45 Low denial of service