Hello community,

here is the log from the commit of package libgit2 for openSUSE:Factory checked in at 2018-07-17 09:36:58
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/libgit2 (Old)
 and      /work/SRC/openSUSE:Factory/.libgit2.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libgit2" Tue Jul 17 09:36:58 2018 rev:31 rq:622033 version:0.27.3 Changes: -------- --- /work/SRC/openSUSE:Factory/libgit2/libgit2.changes 2018-05-04 11:25:44.064053975 +0200 +++ /work/SRC/openSUSE:Factory/.libgit2.new/libgit2.changes 2018-07-17 09:37:12.270401663 +0200 @@ -1,0 +2,17 @@ +Tue Jul 10 15:51:22 UTC 2018 - [email protected] + +- libgit2 0.27.3: + * CVE-2018-10887 (bsc#1100613), CVE-2018-10888 (bsc#1100612): + Specially crafted delta object in packfiles could trigger an + integer overflow, bypassing input validation and causing the + object database to contain copies of system memory. This may + allow denial of service or, potentially, an information leak +- includes changes from 0.27.2: + * various API and correctnes fixes + * Fixes related to handling of .gitmodules +- includes changes from 0.27.1: + * CVE-2018-11235: insufficient validation of submodule names from + .gitmodules allowed writes to arbitrary paths (bsc#1095219) + * disallow .gitmodules files as symlinks. + +------------------------------------------------------------------- Old: ---- libgit2-0.27.0.tar.gz New: ---- libgit2-0.27.3.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libgit2.spec ++++++ --- /var/tmp/diff_new_pack.EjgY4L/_old 2018-07-17 09:37:12.822399740 +0200 +++ /var/tmp/diff_new_pack.EjgY4L/_new 2018-07-17 09:37:12.826399725 +0200 @@ -19,7 +19,7 @@ %define sover 27 Name: libgit2 -Version: 0.27.0 +Version: 0.27.3 Release: 0 Summary: C git library License: GPL-2.0 WITH GCC-exception-2.0 ++++++ libgit2-0.27.0.tar.gz -> libgit2-0.27.3.tar.gz ++++++ ++++ 2583 lines of diff (skipped)
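Review bot: in the libgit2.changes hunk, the 0.27.3 entry lists CVE-2018-10887 (bsc#1100613) and CVE-2018-10888 (bsc#1100612) under a single shared description, so a reader triaging one of the two bugs cannot tell which identifier corresponds to which part of the text (the integer overflow that bypasses input validation, the denial of service, the potential information leak). Give each CVE its own bullet with its own short description. In the same hunk, "correctnes" in the 0.27.2 bullet should read "correctness", the 0.27.3 description lacks its final period after "information leak", and the bullet "disallow .gitmodules files as symlinks." carries no CVE or bsc reference, so state whether it belongs to CVE-2018-11235 (bsc#1095219) or is a separate hardening change.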
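Review bot: in the libgit2.spec hunk, the only visible change is "Version:" moving from 0.27.0 to 0.27.3, and the matching tarball change (libgit2-0.27.0.tar.gz -> libgit2-0.27.3.tar.gz) appears only as "2583 lines of diff (skipped)", so nothing in this mail lets a reviewer confirm that the new source carries the CVE fixes named in libgit2.changes. Check libgit2-0.27.3.tar.gz against the upstream release before accepting, and confirm that "%define sover 27", left unchanged as context, is still the right value for 0.27.3.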
