Your message dated Wed, 18 Jul 2018 16:19:38 +0530
with message-id <[email protected]>
and subject line fixed in sid long back
has caused the Debian Bug report #840227,
regarding libgit2: CVE-2016-8568 CVE-2016-8569
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
840227: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840227
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: libgit2
Version: 0.24.1-2
Severity: grave
Tags: security upstream

Hi,

the following vulnerabilities were published for libgit2.

CVE-2016-8568[0, 3]:
Read out-of-bounds in git_oid_nfmt

CVE-2016-8569[1, 4]:
DoS using a null pointer dereference in git_commit_message

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-8568
[1] https://security-tracker.debian.org/tracker/CVE-2016-8569
[2] https://marc.info/?l=oss-security&m=147594097425642&w=2
[3] https://github.com/libgit2/libgit2/issues/3936
[4] https://github.com/libgit2/libgit2/issues/3937
[5] https://github.com/libgit2/libgit2/pull/3956

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
closing.

Attachment: signature.asc
Description: OpenPGP digital signature


--- End Message ---
