Control: retitle -1 libgit2: CVE-2016-10128 CVE-2016-10129 CVE-2016-10130 On Sat, Jan 14, 2017 at 04:52:21PM +0100, Salvatore Bonaccorso wrote: > Source: libgit2 > Version: 0.24.5-1 > Severity: important > Tags: upstream patch security > > Hi, > > the following vulnerabilities were published for libgit2. > > CVE-2016-10128[0]: > smart_pkt: verify packet length exceeds PKT_LEN_SIZE > > CVE-2016-10129[1]: > smart_pkt: treat empty packet lines as error > > CVE-2016-10130[2]: > http: check certificate validity before clobbering the error variable
Please note that CVE-2017-5338 and CVE-2017-5339 have been rejected. So ignore those. It was shown with further investigation that those are not security issues. Regards, Salvatore
