libgit2

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description A linkable library for Git
Version 1:0.26.0-1 [extra]

Resolved

Group Affected Fixed Severity Status Ticket
AVG-131 1:0.24.3-1 1:0.24.6-1 High Fixed
AVG-45 1:0.24.2-1 1:0.24.3-1 Low Fixed
Issue Group Severity Remote Type Description
CVE-2016-8569 AVG-45 Low Yes Denial of service
A null pointer dereference has been discovered while showing a malformed object file.
CVE-2016-8568 AVG-45 Low Yes Denial of service
A heap-based read out-of-bounds access has been discovered while parsing a malformed object file.
CVE-2016-10130 AVG-131 High Yes Insufficient validation
An issue has been discovered when checking certificate validity before clobbering the error variable. A valid parameter is provided to indicate whether the...
CVE-2016-10129 AVG-131 Medium Yes Denial of service
The Git protocol does not specify what should happen in the case of an empty packet line (that is a packet line "0004"). currently it indicates success, but...
CVE-2016-10128 AVG-131 High Yes Arbitrary code execution
Each packet line in the Git protocol is prefixed by a four-byte length of how much data will follow, which we parse in `git_pkt_parse_line`. The transmitted...

Advisories

Date Advisory Group Severity Description
15 Jan 2017 ASA-201701-21 AVG-131 High multiple issues
16 Nov 2016 ASA-201611-17 AVG-45 Low denial of service