Debian Package Tracker
Register | Log in
Subscribe

libgit2

Choose email to subscribe with

general
  • source: libgit2 (main)
  • version: 1.1.0+dfsg.1-4
  • maintainer: Utkarsh Gupta (DMD)
  • uploaders: Pirate Praveen [DMD]
  • arch: all any
  • std-ver: 4.5.1
  • VCS: Git (Browse, QA)
versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]
[pool directory]
  • o-o-stable: 0.21.1-3
  • o-o-sec: 0.21.1-3+deb8u1
  • oldstable: 0.25.1+really0.24.6-1
  • old-bpo: 0.27.4+dfsg.1-0.1~bpo9+1
  • stable: 0.27.7+dfsg.1-0.2
  • stable-bpo: 0.28.3+dfsg.1-1~bpo10+1
  • testing: 1.1.0+dfsg.1-4
  • unstable: 1.1.0+dfsg.1-4
versioned links
  • 0.21.1-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 0.21.1-3+deb8u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 0.25.1+really0.24.6-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 0.27.4+dfsg.1-0.1~bpo9+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 0.27.7+dfsg.1-0.2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 0.28.3+dfsg.1-1~bpo10+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 0.28.5+dfsg.1-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 1.0.1+dfsg.1-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 1.1.0+dfsg.1-4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
binaries
  • libgit2-1.1
  • libgit2-dev (1 bugs: 0, 1, 0, 0)
  • libgit2-fixtures
action needed
Multiarch hinter reports 1 issue(s) low
There are issues with the multiarch metadata for this package.
  • libgit2-fixtures could be marked Multi-Arch: foreign
Created: 2021-01-05 Last update: 2021-01-23 22:39
7 ignored security issues in stretch low
There are 7 open security issues in stretch.
7 issues skipped by the security teams:
  • CVE-2018-10887: A flaw was found in libgit2 before version 0.27.3. It has been discovered that an unexpected sign extension in git_delta_apply function in delta.c file may lead to an integer overflow which in turn leads to an out of bound read, allowing to read before the base object. An attacker may use this flaw to leak memory addresses or cause a Denial of Service.
  • CVE-2018-10888: A flaw was found in libgit2 before version 0.27.3. A missing check in git_delta_apply function in delta.c file, may lead to an out-of-bound read while reading a binary delta file. An attacker may use this flaw to cause a Denial of Service.
  • CVE-2018-15501: In ng_pkt in transports/smart_pkt.c in libgit2 before 0.26.6 and 0.27.x before 0.27.4, a remote attacker can send a crafted smart-protocol "ng" packet that lacks a '\0' byte to trigger an out-of-bounds read that leads to DoS.
  • CVE-2018-8098: Integer overflow in the index.c:read_entry() function while decompressing a compressed prefix length in libgit2 before v0.26.2 allows an attacker to cause a denial of service (out-of-bounds read) via a crafted repository index file.
  • CVE-2018-8099: Incorrect returning of an error code in the index.c:read_entry() function leads to a double free in libgit2 before v0.26.2, which allows an attacker to cause a denial of service via a crafted repository index file.
  • CVE-2020-12278: An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99.0. path.c mishandles equivalent filenames that exist because of NTFS Alternate Data Streams. This may allow remote code execution when cloning a repository. This issue is similar to CVE-2019-1352.
  • CVE-2020-12279: An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99.0. checkout.c mishandles equivalent filenames that exist because of NTFS short names. This may allow remote code execution when cloning a repository. This issue is similar to CVE-2019-1353.
Please fix them.
Created: 2018-03-15 Last update: 2021-01-09 05:31
2 ignored security issues in buster low
There are 2 open security issues in buster.
2 issues skipped by the security teams:
  • CVE-2020-12278: An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99.0. path.c mishandles equivalent filenames that exist because of NTFS Alternate Data Streams. This may allow remote code execution when cloning a repository. This issue is similar to CVE-2019-1352.
  • CVE-2020-12279: An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99.0. checkout.c mishandles equivalent filenames that exist because of NTFS short names. This may allow remote code execution when cloning a repository. This issue is similar to CVE-2019-1353.
Please fix them.
Created: 2020-04-27 Last update: 2021-01-09 05:31
Build log checks report 1 warning low
Build log checks report 1 warning
Created: 2017-11-14 Last update: 2017-11-14 07:24
news
[rss feed]
  • [2021-01-09] libgit2 1.1.0+dfsg.1-4 MIGRATED to testing (Debian testing watch)
  • [2021-01-06] Accepted libgit2 1.1.0+dfsg.1-4 (source) into unstable (Utkarsh Gupta)
  • [2021-01-04] Accepted libgit2 1.1.0+dfsg.1-3 (source amd64 all) into unstable, unstable (Debian FTP Masters) (signed by: Utkarsh Gupta)
  • [2020-12-11] libgit2 1.1.0+dfsg.1-2 MIGRATED to testing (Debian testing watch)
  • [2020-12-10] libgit2 1.0.1+dfsg.1-3 MIGRATED to testing (Debian testing watch)
  • [2020-12-09] Accepted libgit2 1.1.0+dfsg.1-2 (source) into unstable (Utkarsh Gupta)
  • [2020-12-07] Accepted libgit2 1.1.0+dfsg.1-1 (source amd64) into experimental, experimental (Debian FTP Masters) (signed by: Utkarsh Gupta)
  • [2020-12-04] Accepted libgit2 1.0.1+dfsg.1-3 (source) into unstable (Utkarsh Gupta)
  • [2020-12-04] Accepted libgit2 1.0.1+dfsg.1-2 (source) into experimental (Utkarsh Gupta)
  • [2020-10-09] Accepted libgit2 1.0.1+dfsg.1-1 (source) into experimental (Utkarsh Gupta)
  • [2020-10-02] Accepted libgit2 1.0.0+dfsg.1-2 (source) into experimental (Ximin Luo) (signed by: infinity0@debian.org)
  • [2020-04-17] Accepted libgit2 1.0.0+dfsg.1-1 (source amd64) into experimental, experimental (Debian FTP Masters) (signed by: Utkarsh Gupta)
  • [2020-04-13] libgit2 0.28.5+dfsg.1-1 MIGRATED to testing (Debian testing watch)
  • [2020-04-10] Accepted libgit2 0.28.5+dfsg.1-1 (source) into unstable (Utkarsh Gupta)
  • [2020-04-02] Accepted libgit2 0.99.0+dfsg.1-1 (source amd64) into experimental, experimental (Debian FTP Masters) (signed by: Utkarsh Gupta)
  • [2020-03-26] libgit2 0.28.4+dfsg.1-4 MIGRATED to testing (Debian testing watch)
  • [2020-03-23] Accepted libgit2 0.28.4+dfsg.1-4 (source) into unstable (Utkarsh Gupta)
  • [2020-03-16] libgit2 0.28.4+dfsg.1-3 MIGRATED to testing (Debian testing watch)
  • [2020-03-12] Accepted libgit2 0.28.4+dfsg.1-3 (source) into unstable (Utkarsh Gupta)
  • [2020-02-16] libgit2 0.28.4+dfsg.1-2 MIGRATED to testing (Debian testing watch)
  • [2020-02-14] Accepted libgit2 0.28.4+dfsg.1-2 (source) into unstable (Utkarsh Gupta)
  • [2020-02-13] Accepted libgit2 0.28.4+dfsg.1-1 (source) into experimental (Utkarsh Gupta)
  • [2019-12-13] Accepted libgit2 0.28.3+dfsg.1-1~bpo10+1 (source amd64) into buster-backports, buster-backports (Abhijith Sheheer) (signed by: Abhijith PA)
  • [2019-11-18] libgit2 0.28.3+dfsg.1-1 MIGRATED to testing (Debian testing watch)
  • [2019-11-16] Accepted libgit2 0.28.3+dfsg.1-1 (source) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
  • [2019-11-15] Accepted libgit2 0.28.3+dfsg.1-0.1 (source) into experimental (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
  • [2019-05-21] libgit2 0.27.7+dfsg.1-0.2 MIGRATED to testing (Debian testing watch)
  • [2019-05-19] Accepted libgit2 0.27.7+dfsg.1-0.2 (source) into unstable (Ximin Luo)
  • [2019-05-17] Accepted libgit2 0.28.1+dfsg.1-0.1 (source amd64) into experimental, experimental (Jongmin Kim) (signed by: Praveen Arimbrathodiyil)
  • [2018-12-31] libgit2 0.27.7+dfsg.1-0.1 MIGRATED to testing (Debian testing watch)
  • 1
  • 2
bugs [bug history graph]
  • all: 3
  • RC: 0
  • I&N: 3
  • M&W: 0
  • F&P: 0
  • patch: 0
links
  • homepage
  • lintian
  • buildd: logs, checks, clang, reproducibility, cross
  • popcon
  • browse source code
  • edit tags
  • other distros
  • security tracker
  • debci
ubuntu Ubuntu logo [Information about Ubuntu for Debian Developers]
  • version: 0.28.5+dfsg.1-1
  • 3 bugs

Debian Package Tracker — Copyright 2013-2018 The Distro Tracker Developers
Report problems to the tracker.debian.org pseudo-package in the Debian BTS.
Documentation — Bugs — Git Repository — Contributing