You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: security/index.md
+19Lines changed: 19 additions & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -7,6 +7,25 @@ layout: default
7
7
Information about security advisories affecting libgit2 and the releases that
8
8
provide resolution.
9
9
10
+
In case you think to have found a security issue with libgit2, please do not
11
+
open a public issue. Instead, you can report the issue to the private mailing
12
+
list [security@libgit2.org](mailto:security@libgit2.org).
13
+
14
+
***[libgit2 v0.26.2](https://github.com/libgit2/libgit2/releases/tag/v0.26.2)**, March 8th, 2018
15
+
Fixes memory handling issues when reading crafted repository index files. The
16
+
issues allow for possible denial of service due to allocation of large memory
17
+
and out-of-bound reads.
18
+
19
+
As the index is never transferred via the network, exploitation requires an
20
+
attacker to have access to the local repository.
21
+
22
+
***[libgit2 v0.26.1](https://github.com/libgit2/libgit2/releases/tag/v0.26.1)**, March 7th, 2018
23
+
Updates the bundled zlib to 1.2.11. Users who build the bundled zlib are
24
+
vulnerable to security issues in the prior version.
25
+
26
+
This does not affect you if you rely on a system-installed version of zlib. All
27
+
users of v0.26.0 who use the bundled zlib should upgrade to this release.
28
+
10
29
***[libgit2 v0.24.6](https://github.com/libgit2/libgit2/releases/tag/v0.24.6)** and **[libgit2 v0.25.1](https://github.com/libgit2/libgit2/releases/tag/v0.25.1)**, January 9th, 2017
11
30
Includes two fixes, one performs extra sanitization for some edge cases in
12
31
the Git Smart Protocol which can lead to attempting to parse outside of the
0 commit comments