Bug #6740

Bug #6738: libgit2: Multiple vulnerabilities (CVE-2016-10128, CVE-2016-10129, CVE-2016-10130)

[3.5] libgit2: Multiple vulnerabilities (CVE-2016-10128, CVE-2016-10129, CVE-2016-10130)

Added by Alicha CH almost 2 years ago. Updated almost 2 years ago.

Status: Closed
Priority: Normal
Assignee:
Category: Security
Target version:
Start date: 01/25/2017
Due date:
% Done: 100%
Estimated time:
Affected versions:
Security IDs:

Description

CVE-2016-10128: smart_pkt: verify packet length exceeds PKT_LEN_SIZE

Fixed In Version:

libgit2 0.25.1, libgit2 0.24.6

References:

http://seclists.org/oss-sec/2017/q1/59
https://github.com/libgit2/libgit2/releases/tag/v0.24.6

Patch:

https://github.com/libgit2/libgit2/commit/4ac39c76c0153d1ee6889a0984c39e97731684b2

CVE-2016-10129: smart_pkt: treat empty packet lines as error

Fixed In Version:

libgit2 0.25.1, libgit2 0.24.6

References:

http://seclists.org/oss-sec/2017/q1/59
https://github.com/libgit2/libgit2/releases/tag/v0.24.6

Patch:

https://github.com/libgit2/libgit2/commit/84d30d569ada986f3eef527cbdb932643c2dd037

CVE-2016-10130: http: check certificate validity before clobbering the error variable

Fixed In Version:

libgit2 0.25.1, libgit2 0.24.6

References:

http://seclists.org/oss-sec/2017/q1/59
https://github.com/libgit2/libgit2/releases/tag/v0.24.6

Patch:

https://github.com/libgit2/libgit2/commit/b5c6a1b407b7f8b952bded2789593b68b1876211

Associated revisions

Revision 322e4dec (diff)
Added by Sergei Lukin almost 2 years ago

main/libgit2: security upgrade to 0.24.6 - fixes #6740

CVE-2016-10128: smart_pkt: verify packet length exceeds PKT_LEN_SIZE
CVE-2016-10129: smart_pkt: treat empty packet lines as error
CVE-2016-10130: http: check certificate validity before clobbering the error variable

History

#1 Updated by Sergei Lukin almost 2 years ago

  • Status changed from New to Resolved
  • % Done changed from 0 to 100

#2 Updated by Alicha CH almost 2 years ago

  • Category set to Security
  • Status changed from Resolved to Closed
