http://bugzilla.opensuse.org/show_bug.cgi?id=1003810 Bug ID: 1003810 Summary: libgit2: invalid memory accesses parsing object files Classification: openSUSE Product: openSUSE Distribution Version: Leap 42.1 Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: security-team@suse.de Reporter: mikhail.kasimov@gmail.com QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- References: http://seclists.org/oss-sec/2016/q4/59 ==================================================== Hi, We recently reported two invalid memory accesses in the last revision of libgit2: * Read out-of-bounds in git_oid_nfmt: https://github.com/libgit2/libgit2/issues/3936 * DoS using a null pointer derreference in git_commit_message: https://github.com/libgit2/libgit2/issues/3937 The developers are preparing a patch to harden object parsing in libgit2 here: https://github.com/libgit2/libgit2/pull/3956 Please assign one or more CVE if suitable. Regards, Gustavo. ==================================================== https://software.opensuse.org/package/libgit2 -- You are receiving this mail because: You are on the CC list for the bug.