{"id":"MGASA-2017-0319","summary":"Updated libgit2 packages fix security vulnerabilities","details":"Read out-of-bounds in git_oid_nfmt (CVE-2016-8568).\n\nDoS using a null pointer dereference in git_commit_message\n(CVE-2016-8569).\n\nInsufficient sanitization allows some edge cases in the Git Smart\nProtocol which can lead to reading outside of a buffer (CVE-2016-10128,\nCVE-2016-10129).\n","modified":"2026-04-16T06:25:24.606890849Z","published":"2017-08-29T20:36:17Z","upstream":["CVE-2016-10128","CVE-2016-10129","CVE-2016-8568","CVE-2016-8569"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2017-0319.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=19792"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/4E77DG5KGQ7L34U75QY7O6NIPKZNQHQJ/"},{"type":"WEB","url":"https://lists.opensuse.org/opensuse-updates/2017-02/msg00072.html"}],"affected":[{"package":{"name":"libgit2","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/libgit2?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.21.1-3.2.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2017-0319.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}