FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Libgit2 -- multiple vulnerabilities

Affected packages
libgit2 < 0.28.3

Details

VuXML ID d51b52cf-c199-11e9-b13f-001b217b3468
Discovery 2019-08-13
Entry 2019-08-18

The Git community reports:

A carefully constructed commit object with a very large number of parents may lead to potential out-of-bounds writes or potential denial of service.

The ProgramData configuration file is always read for compatibility with Git for Windows and Portable Git installations. The ProgramData location is not necessarily writable only by administrators, so we now ensure that the configuration file is owned by the administrator or the current user.

References

URL https://github.com/libgit2/libgit2/releases/tag/v0.28.3