FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-29 10:45:39 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
5a1589ad-68f9-11e8-83f5-d8cb8abf62ddLibgit2 -- Fixing insufficient validation of submodule names

The Git community reports:

Insufficient validation of submodule names


Discovery 2018-05-29
Entry 2018-06-05
libgit2
py-pygit2
< 0.27.1

https://github.com/libgit2/libgit2/releases/tag/v0.27.1
CVE-2018-11235
d51b52cf-c199-11e9-b13f-001b217b3468Libgit2 -- multiple vulnerabilities

The Git community reports:

A carefully constructed commit object with a very large number of parents may lead to potential out-of-bounds writes or potential denial of service.

The ProgramData configuration file is always read for compatibility with Git for Windows and Portable Git installations. The ProgramData location is not necessarily writable only by administrators, so we now ensure that the configuration file is owned by the administrator or the current user.


Discovery 2019-08-13
Entry 2019-08-18
libgit2
< 0.28.3

https://github.com/libgit2/libgit2/releases/tag/v0.28.3
43768ff3-c683-11ee-97d0-001b217b3468Libgit2 -- multiple vulnerabilities

Git community reports:

A bug in git_revparse_single is fixed that could have caused the function to enter an infinite loop given well-crafted inputs, potentially causing a Denial of Service attack in the calling application

A bug in git_revparse_single is fixed that could have caused the function to enter an infinite loop given well-crafted inputs, potentially causing a Denial of Service attack in the calling application

A bug in the smart transport negotiation could have caused an out-of-bounds read when a remote server did not advertise capabilities


Discovery 2024-02-06
Entry 2024-02-08
Modified 2024-02-14
eza
< 0.18.2

libgit2
ge 1.7.0 lt 1.7.2

< 1.6.5

CVE-2024-24577
https://github.com/libgit2/libgit2/releases/tag/v1.7.2
3c9b7698-84da-11e8-8c75-d8cb8abf62ddLibgit2 -- multiple vulnerabilities

The Git community reports:

Out-of-bounds reads when reading objects from a packfile


Discovery 2018-07-09
Entry 2018-07-11
libgit2
< 0.27.3

https://github.com/libgit2/libgit2/releases/tag/v0.27.3
CVE-2018-10887
CVE-2018-10888
8c08ab4c-d06c-11e8-b35c-001b217b3468Libgit2 -- multiple vulnerabilities

The Git community reports:

Multiple vulnerabilities.


Discovery 2018-10-05
Entry 2018-10-15
libgit2
< 0.27.5

https://github.com/libgit2/libgit2/releases/tag/v0.27.5
CVE-2018-17456