Citing upstream release:
> This is a security release fixing memory handling issues when reading crafted
> repository index files. The issues allow for possible denial of service due to
> allocation of large memory and out-of-bound reads.
> As the index is never transferred via the network, exploitation requires an
> attacker to have access to the local repository.
I have already bumped to 0.26.2 and I suppose we'll want to fast-stabilize it.
@security, could you do your thing and advise?
(In reply to Michał Górny from comment #0)
> @security, could you do your thing and advise?
Thanks Michał, setting whiteboard, and calling arches for stabilization.
@Arches, please test and mark stable.
Incorrect returning of an error code in the index.c:read_entry() function
leads to a double free in libgit2 before v0.26.2, which allows an attacker
to cause a denial of service via a crafted repository index file.
Integer overflow in the index.c:read_entry() function while decompressing a
compressed prefix length in libgit2 before v0.26.2 allows an attacker to
cause a denial of service (out-of-bounds read) via a crafted repository
GLSA Vote: No
Please remove vulnerable versions.
The bug has been referenced in the following commit(s):
Author: Michał Górny <firstname.lastname@example.org>
AuthorDate: 2018-03-20 16:15:58 +0000
Commit: Michał Górny <email@example.com>
CommitDate: 2018-03-20 16:15:59 +0000
dev-libs/libgit2: Drop old, vulnerable 0.26.0
dev-libs/libgit2/Manifest | 1 -
dev-libs/libgit2/libgit2-0.26.0.ebuild | 75 ----------------------------------
2 files changed, 76 deletions(-)