You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: security/index.md
+13Lines changed: 13 additions & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -7,6 +7,19 @@ layout: default
7
7
Information about security advisories affecting libgit2 and the releases that
8
8
provide resolution.
9
9
10
+
***[libgit2 v0.24.6](https://github.com/libgit2/libgit2/releases/tag/v0.24.6)** and **[libgit2 v0.25.1](https://github.com/libgit2/libgit2/releases/tag/v0.25.1)**, January 9th, 2017
11
+
Includes two fixes, one performs extra sanitization for some edge cases in
12
+
the Git Smart Protocol which can lead to attempting to parse outside of the
13
+
buffer.<br><br>
14
+
The second fix affects the certificate check callback. It provides a `valid`
15
+
parameter to indicate whether the native cryptographic library considered the
16
+
certificate to be correct. This parameter is always `1`/`true` before these
17
+
releases leading to a possible MITM.<br><br>
18
+
This does not affect you if you do not use the custom certificate callback
19
+
or if you do not take this value into account. This does affect you if
20
+
you use pygit2 or git2go regardless of whether you specify a certificate
21
+
check callback.
22
+
10
23
***[libgit2 v0.22.1](https://github.com/libgit2/libgit2/releases/tag/v0.22.1)**, January 16, 2015
11
24
Provides additional protections on symbolic links on case-insensitive
0 commit comments