Register | Log in

libgit2

Choose email to subscribe with

general

source: libgit2 (main)
version: 1.1.0+dfsg.1-4
maintainer: Utkarsh Gupta (DMD)
uploaders: Pirate Praveen [DMD]
arch: all any
std-ver: 4.5.1
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 0.21.1-3
o-o-sec: 0.21.1-3+deb8u1
oldstable: 0.25.1+really0.24.6-1
old-bpo: 0.27.4+dfsg.1-0.1~bpo9+1
stable: 0.27.7+dfsg.1-0.2
stable-bpo: 0.28.3+dfsg.1-1~bpo10+1
testing: 1.1.0+dfsg.1-4
unstable: 1.1.0+dfsg.1-4

versioned links

0.21.1-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.21.1-3+deb8u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.25.1+really0.24.6-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.27.4+dfsg.1-0.1~bpo9+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.27.7+dfsg.1-0.2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.28.3+dfsg.1-1~bpo10+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.28.5+dfsg.1-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.0.1+dfsg.1-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.1.0+dfsg.1-4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libgit2-1.1
libgit2-dev (1 bugs: 0, 1, 0, 0)
libgit2-fixtures

action needed

Multiarch hinter reports 1 issue(s) low

There are issues with the multiarch metadata for this package.

libgit2-fixtures could be marked Multi-Arch: foreign

Created: 2021-01-05 Last update: 2021-01-23 22:39

7 ignored security issues in stretch low

There are 7 open security issues in stretch.

7 issues skipped by the security teams:

CVE-2018-10887: A flaw was found in libgit2 before version 0.27.3. It has been discovered that an unexpected sign extension in git_delta_apply function in delta.c file may lead to an integer overflow which in turn leads to an out of bound read, allowing to read before the base object. An attacker may use this flaw to leak memory addresses or cause a Denial of Service.
CVE-2018-10888: A flaw was found in libgit2 before version 0.27.3. A missing check in git_delta_apply function in delta.c file, may lead to an out-of-bound read while reading a binary delta file. An attacker may use this flaw to cause a Denial of Service.
CVE-2018-15501: In ng_pkt in transports/smart_pkt.c in libgit2 before 0.26.6 and 0.27.x before 0.27.4, a remote attacker can send a crafted smart-protocol "ng" packet that lacks a '\0' byte to trigger an out-of-bounds read that leads to DoS.
CVE-2018-8098: Integer overflow in the index.c:read_entry() function while decompressing a compressed prefix length in libgit2 before v0.26.2 allows an attacker to cause a denial of service (out-of-bounds read) via a crafted repository index file.
CVE-2018-8099: Incorrect returning of an error code in the index.c:read_entry() function leads to a double free in libgit2 before v0.26.2, which allows an attacker to cause a denial of service via a crafted repository index file.
CVE-2020-12278: An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99.0. path.c mishandles equivalent filenames that exist because of NTFS Alternate Data Streams. This may allow remote code execution when cloning a repository. This issue is similar to CVE-2019-1352.
CVE-2020-12279: An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99.0. checkout.c mishandles equivalent filenames that exist because of NTFS short names. This may allow remote code execution when cloning a repository. This issue is similar to CVE-2019-1353.

Please fix them.

Created: 2018-03-15 Last update: 2021-01-09 05:31

2 ignored security issues in buster low

There are 2 open security issues in buster.

2 issues skipped by the security teams:

CVE-2020-12278: An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99.0. path.c mishandles equivalent filenames that exist because of NTFS Alternate Data Streams. This may allow remote code execution when cloning a repository. This issue is similar to CVE-2019-1352.
CVE-2020-12279: An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99.0. checkout.c mishandles equivalent filenames that exist because of NTFS short names. This may allow remote code execution when cloning a repository. This issue is similar to CVE-2019-1353.

Please fix them.

Created: 2020-04-27 Last update: 2021-01-09 05:31

Build log checks report 1 warning low

Build log checks report 1 warning

Created: 2017-11-14 Last update: 2017-11-14 07:24

news

[2021-01-09] libgit2 1.1.0+dfsg.1-4 MIGRATED to testing (Debian testing watch)
[2021-01-06] Accepted libgit2 1.1.0+dfsg.1-4 (source) into unstable (Utkarsh Gupta)
[2021-01-04] Accepted libgit2 1.1.0+dfsg.1-3 (source amd64 all) into unstable, unstable (Debian FTP Masters) (signed by: Utkarsh Gupta)
[2020-12-11] libgit2 1.1.0+dfsg.1-2 MIGRATED to testing (Debian testing watch)
[2020-12-10] libgit2 1.0.1+dfsg.1-3 MIGRATED to testing (Debian testing watch)
[2020-12-09] Accepted libgit2 1.1.0+dfsg.1-2 (source) into unstable (Utkarsh Gupta)
[2020-12-07] Accepted libgit2 1.1.0+dfsg.1-1 (source amd64) into experimental, experimental (Debian FTP Masters) (signed by: Utkarsh Gupta)
[2020-12-04] Accepted libgit2 1.0.1+dfsg.1-3 (source) into unstable (Utkarsh Gupta)
[2020-12-04] Accepted libgit2 1.0.1+dfsg.1-2 (source) into experimental (Utkarsh Gupta)
[2020-10-09] Accepted libgit2 1.0.1+dfsg.1-1 (source) into experimental (Utkarsh Gupta)
[2020-10-02] Accepted libgit2 1.0.0+dfsg.1-2 (source) into experimental (Ximin Luo) (signed by: infinity0@debian.org)
[2020-04-17] Accepted libgit2 1.0.0+dfsg.1-1 (source amd64) into experimental, experimental (Debian FTP Masters) (signed by: Utkarsh Gupta)
[2020-04-13] libgit2 0.28.5+dfsg.1-1 MIGRATED to testing (Debian testing watch)
[2020-04-10] Accepted libgit2 0.28.5+dfsg.1-1 (source) into unstable (Utkarsh Gupta)
[2020-04-02] Accepted libgit2 0.99.0+dfsg.1-1 (source amd64) into experimental, experimental (Debian FTP Masters) (signed by: Utkarsh Gupta)
[2020-03-26] libgit2 0.28.4+dfsg.1-4 MIGRATED to testing (Debian testing watch)
[2020-03-23] Accepted libgit2 0.28.4+dfsg.1-4 (source) into unstable (Utkarsh Gupta)
[2020-03-16] libgit2 0.28.4+dfsg.1-3 MIGRATED to testing (Debian testing watch)
[2020-03-12] Accepted libgit2 0.28.4+dfsg.1-3 (source) into unstable (Utkarsh Gupta)
[2020-02-16] libgit2 0.28.4+dfsg.1-2 MIGRATED to testing (Debian testing watch)
[2020-02-14] Accepted libgit2 0.28.4+dfsg.1-2 (source) into unstable (Utkarsh Gupta)
[2020-02-13] Accepted libgit2 0.28.4+dfsg.1-1 (source) into experimental (Utkarsh Gupta)
[2019-12-13] Accepted libgit2 0.28.3+dfsg.1-1~bpo10+1 (source amd64) into buster-backports, buster-backports (Abhijith Sheheer) (signed by: Abhijith PA)
[2019-11-18] libgit2 0.28.3+dfsg.1-1 MIGRATED to testing (Debian testing watch)
[2019-11-16] Accepted libgit2 0.28.3+dfsg.1-1 (source) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2019-11-15] Accepted libgit2 0.28.3+dfsg.1-0.1 (source) into experimental (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2019-05-21] libgit2 0.27.7+dfsg.1-0.2 MIGRATED to testing (Debian testing watch)
[2019-05-19] Accepted libgit2 0.27.7+dfsg.1-0.2 (source) into unstable (Ximin Luo)
[2019-05-17] Accepted libgit2 0.28.1+dfsg.1-0.1 (source amd64) into experimental, experimental (Jongmin Kim) (signed by: Praveen Arimbrathodiyil)
[2018-12-31] libgit2 0.27.7+dfsg.1-0.1 MIGRATED to testing (Debian testing watch)

1
2

bugs [bug history graph]

all: 3
RC: 0
I&N: 3
M&W: 0
F&P: 0
patch: 0

links

homepage
lintian
buildd: logs, checks, clang, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 0.28.5+dfsg.1-1
3 bugs

Debian Package Tracker — Copyright 2013-2018 The Distro Tracker Developers

Report problems to the tracker.debian.org pseudo-package in the Debian BTS.

Documentation — Bugs — Git Repository — Contributing