oss-sec mailing list archives
Re: CVE Request: two security fixes in libgit2 0.25.1, 0.24.6
From: Carlos Martín Nieto <cmn () dwim me>
Date: Wed, 11 Jan 2017 11:36:27 +0000
On 11 Jan 2017, at 03:41, cve-assign () mitre org wrote:https://github.com/libgit2/libgit2/commit/98d66240ecb7765e191da19b535c75c92ccc90feUse CVE-2017-5338.https://github.com/libgit2/libgit2/commit/3829ba2e710553893faf6336cc6b2f3fc17a293eUse CVE-2017-5339.https://github.com/libgit2/libgit2/commit/2ac57aa89bde788173b54bd153430369deec64c0This has no CVE ID; it does not seem to be a vulnerability fix.
CVE-2017-5338 and CVE-2017-5339 were also assigned to commits which are not fixing a vulnerability but adding tests to prevent a regression in this area. They’re different commits mostly as an artefact of the timing of the flaw being detected and when we were able to deal with it. cmn
Current thread:
- CVE Request: two security fixes in libgit2 0.25.1, 0.24.6 Andreas Stieger (Jan 10)
- Re: CVE Request: two security fixes in libgit2 0.25.1, 0.24.6 cve-assign (Jan 10)
- Re: CVE Request: two security fixes in libgit2 0.25.1, 0.24.6 Carlos Martín Nieto (Jan 11)
- Re: CVE Request: two security fixes in libgit2 0.25.1, 0.24.6 cve-assign (Jan 10)