File tree Expand file tree Collapse file tree 1 file changed +11
-0
lines changed Expand file tree Collapse file tree 1 file changed +11
-0
lines changed Original file line number Diff line number Diff line change @@ -11,6 +11,17 @@ In case you think to have found a security issue with libgit2, please do not
1111open a public issue. Instead, you can report the issue to the private mailing
1212list [ security@libgit2.org ] ( mailto:security@libgit2.org ) .
1313
14+ * ** [ libgit2 v0.27.1] ( https://github.com/libgit2/libgit2/releases/tag/v0.27.1 ) ** , May 29th, 2018)
15+
16+ Ignores submodule configuration entries with names which attempt to perform path
17+ traversal and can be exploited to write to an arbitrary path or for remote code
18+ execution. ` libgit2 ` itself is not vulnerable to RCE but tool implementations
19+ which execute hooks after fetching might be. This is CVE-2018 -11235.
20+
21+ It is forbidden for a ` .gitmodules ` file to be a symlink which could cause a Git
22+ implementation to write outside of the repository and and bypass the fsck checks
23+ for CVE-2018 -11235.
24+
1425 * ** [ libgit2 v0.26.2] ( https://github.com/libgit2/libgit2/releases/tag/v0.26.2 ) ** , March 8th, 2018
1526Fixes memory handling issues when reading crafted repository index files. The
1627issues allow for possible denial of service due to allocation of large memory
You can’t perform that action at this time.
0 commit comments