Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 1f64e875 by Salvatore Bonaccorso at 2018-01-12T15:14:10+01:00 Track fixes for cargo CVEs The experimental version 0.17.0-1~exp1 should have been the first version which contained a fixed version of the embedded libgit2 copy. Then various iterations came to depend on system libs, then re-embed, then switch again to not the embedded copy. Thus please double-check this update. - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list 
@@ -50393,21 +50393,21 @@ CVE-2016-10130 (The http_connect function in transports/http.c in libgit2 before - libgit2 0.25.1+really0.24.6-1 (bug #851406) [jessie] - libgit2 <not-affected> (Vulnerable code not present) [experimental] - cargo 0.17.0-1~exp1 - - cargo <unfixed> (bug #860990) + - cargo 0.17.0-1 (bug #860990) NOTE: https://github.com/libgit2/libgit2/commit/9a64e62f0f20c9cf9b2e1609f037060eb2d8eb22 (v0.25.1) NOTE: https://github.com/libgit2/libgit2/commit/b5c6a1b407b7f8b952bded2789593b68b1876211 (v0.24.6) CVE-2016-10129 (The Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x ...) - libgit2 0.25.1+really0.24.6-1 (bug #851406) [jessie] - libgit2 <no-dsa> (Minor issue) [experimental] - cargo 0.17.0-1~exp1 - - cargo <unfixed> (bug #860990) + - cargo 0.17.0-1 (bug #860990) NOTE: https://github.com/libgit2/libgit2/commit/2fdef641fd0dd2828bd948234ae86de75221a11a (v0.25.1) NOTE: https://github.com/libgit2/libgit2/commit/84d30d569ada986f3eef527cbdb932643c2dd037 (v0.24.6) CVE-2016-10128 (Buffer overflow in the git_pkt_parse_line function in ...) - libgit2 0.25.1+really0.24.6-1 (bug #851406) [jessie] - libgit2 <no-dsa> (Minor issue) [experimental] - cargo 0.17.0-1~exp1 - - cargo <unfixed> (bug #860990) + - cargo 0.17.0-1 (bug #860990) NOTE: https://github.com/libgit2/libgit2/commit/66e3774d279672ee51c3b54545a79d20d1ada834 (v0.25.1) NOTE: https://github.com/libgit2/libgit2/commit/4ac39c76c0153d1ee6889a0984c39e97731684b2 (v0.24.6) CVE-2016-10126 (Splunk Web in Splunk Enterprise 5.0.x before 5.0.17, 6.0.x before ...) 
@@ -67345,13 +67345,13 @@ CVE-2016-8569 (The git_oid_nfmt function in commit.c in libgit2 before 0.24.3 al - libgit2 0.24.2-2 (bug #840227) [jessie] - libgit2 <no-dsa> (Minor issue) [experimental] - cargo 0.17.0-1~exp1 - - cargo <unfixed> (bug #860989) + - cargo 0.17.0-1 (bug #860989) NOTE: https://github.com/libgit2/libgit2/issues/3937 CVE-2016-8568 (The git_commit_message function in oid.c in libgit2 before 0.24.3 ...) - libgit2 0.24.5-1 (bug #840227) [jessie] - libgit2 <no-dsa> (Minor issue) [experimental] - cargo 0.17.0-1~exp1 - - cargo <unfixed> (bug #860989) + - cargo 0.17.0-1 (bug #860989) NOTE: https://github.com/libgit2/libgit2/issues/3936 CVE-2016-8490 RESERVED View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1f64e875c7cc3ab1fb1649899899c2113fe6a1d8
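Review bot: In the first hunk (@@ -50393), the three `- cargo 0.17.0-1 (bug #860990)` lines added for CVE-2016-10130, CVE-2016-10129 and CVE-2016-10128 carry no NOTE saying why 0.17.0-1 is the fixed version, even though the commit message says the package moved between the embedded libgit2 copy and the system library several times and asks for a double-check. Suggest adding a NOTE to these entries stating whether cargo 0.17.0-1 uses the embedded copy or the system libgit2, and how that libgit2 version relates to the v0.25.1 and v0.24.6 fix commits already listed, so the fixed-version claim can be verified later.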
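Review bot: In the second hunk (@@ -67345), CVE-2016-8569 and CVE-2016-8568 both receive `- cargo 0.17.0-1 (bug #860989)`, although their libgit2 lines record different fixed versions (0.24.2-2 and 0.24.5-1) under the same bug #840227. Both descriptions read "libgit2 before 0.24.3", so it is worth confirming that the libgit2 used by cargo 0.17.0-1 is at least 0.24.3 for each of the two issues and recording that version in a NOTE next to the existing upstream issue links.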