FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-28 15:43:32 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
5a1589ad-68f9-11e8-83f5-d8cb8abf62ddLibgit2 -- Fixing insufficient validation of submodule names

The Git community reports:

Insufficient validation of submodule names


Discovery 2018-05-29
Entry 2018-06-05
libgit2
py-pygit2
< 0.27.1

https://github.com/libgit2/libgit2/releases/tag/v0.27.1
CVE-2018-11235
3c9b7698-84da-11e8-8c75-d8cb8abf62ddLibgit2 -- multiple vulnerabilities

The Git community reports:

Out-of-bounds reads when reading objects from a packfile


Discovery 2018-07-09
Entry 2018-07-11
libgit2
< 0.27.3

https://github.com/libgit2/libgit2/releases/tag/v0.27.3
CVE-2018-10887
CVE-2018-10888
d51b52cf-c199-11e9-b13f-001b217b3468Libgit2 -- multiple vulnerabilities

The Git community reports:

A carefully constructed commit object with a very large number of parents may lead to potential out-of-bounds writes or potential denial of service.

The ProgramData configuration file is always read for compatibility with Git for Windows and Portable Git installations. The ProgramData location is not necessarily writable only by administrators, so we now ensure that the configuration file is owned by the administrator or the current user.


Discovery 2019-08-13
Entry 2019-08-18
libgit2
< 0.28.3

https://github.com/libgit2/libgit2/releases/tag/v0.28.3
8c08ab4c-d06c-11e8-b35c-001b217b3468Libgit2 -- multiple vulnerabilities

The Git community reports:

Multiple vulnerabilities.


Discovery 2018-10-05
Entry 2018-10-15
libgit2
< 0.27.5

https://github.com/libgit2/libgit2/releases/tag/v0.27.5
CVE-2018-17456