Summary: | <dev-libs/libgit2-{0.26.5, 0.27.3}: out-of-bounds reads when reading objects from a packfile (CVE-2018-10887, CVE-2018-10888) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Michał Górny <mgorny> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | gnome, mgorny |
Priority: | Normal | Flags: | stable-bot:
sanity-check+
|
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | B3 [noglsa cve] | ||
Package list: |
dev-libs/libgit2-0.26.5
|
Runtime testing required: | No |
Description
Michał Górny
2018-07-10 06:23:20 UTC
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fa3b0b415cd0c9422036864134dcd6b6ef346528 commit fa3b0b415cd0c9422036864134dcd6b6ef346528 Author: Michał Górny <mgorny@gentoo.org> AuthorDate: 2018-07-10 06:31:17 +0000 Commit: Michał Górny <mgorny@gentoo.org> CommitDate: 2018-07-10 06:49:41 +0000 dev-libs/libgit2: Sec-bump to 0.26.5 & 0.27.3 Bug: https://bugs.gentoo.org/660834 dev-libs/libgit2/Manifest | 2 + dev-libs/libgit2/libgit2-0.26.5.ebuild | 80 ++++++++++++++++++++++++++++++++++ dev-libs/libgit2/libgit2-0.27.3.ebuild | 80 ++++++++++++++++++++++++++++++++++ 3 files changed, 162 insertions(+) Arch teams, please test and stabilize the new release. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ac69fa3d5bd64b6d798b8ffb4869b646bd5bffa1 commit ac69fa3d5bd64b6d798b8ffb4869b646bd5bffa1 Author: Michał Górny <mgorny@gentoo.org> AuthorDate: 2018-07-10 06:56:30 +0000 Commit: Michał Górny <mgorny@gentoo.org> CommitDate: 2018-07-10 06:58:06 +0000 dev-libs/libgit2: Remove vulnerable 0.27.[12] Bug: https://bugs.gentoo.org/660834 dev-libs/libgit2/Manifest | 2 - dev-libs/libgit2/libgit2-0.27.1.ebuild | 80 ---------------------------------- dev-libs/libgit2/libgit2-0.27.2.ebuild | 80 ---------------------------------- 3 files changed, 162 deletions(-) amd64 stable x86 stable The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f43e9b1207efa9698ca98d2be4cf5125f5f269fd commit f43e9b1207efa9698ca98d2be4cf5125f5f269fd Author: Michał Górny <mgorny@gentoo.org> AuthorDate: 2018-07-18 22:08:21 +0000 Commit: Michał Górny <mgorny@gentoo.org> CommitDate: 2018-07-18 22:11:19 +0000 dev-libs/libgit2: Drop vulnerable 0.26.4 Bug: https://bugs.gentoo.org/660834 dev-libs/libgit2/Manifest | 1 - dev-libs/libgit2/libgit2-0.26.4.ebuild | 80 ---------------------------------- 2 files changed, 81 deletions(-) |