Back to libgit2 PTS page

Accepted libgit2 0.21.1-3+deb8u1 (source amd64) into oldstable

To: dispatch@tracker.debian.org, debian-lts-changes@lists.debian.org
Subject: Accepted libgit2 0.21.1-3+deb8u1 (source amd64) into oldstable
From: Thorsten Alteholz <debian@alteholz.de>
Date: Sat, 25 Aug 2018 14:10:52 +0000
Mail-followup-to: debian-lts@lists.debian.org
Message-id: <E1ftZHA-0005t2-Qv@seger.debian.org>
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 25 Jul 2018 15:03:05 +0200
Source: libgit2
Binary: libgit2-dev libgit2-21 libgit2-dbg
Architecture: source amd64
Version: 0.21.1-3+deb8u1
Distribution: jessie-security
Urgency: medium
Maintainer: Russell Sim <russell.sim@gmail.com>
Changed-By: Thorsten Alteholz <debian@alteholz.de>
Description:
 libgit2-21 - low-level Git library
 libgit2-dbg - libgit2 library and debugging symbols
 libgit2-dev - low-level Git library (development files)
Changes:
 libgit2 (0.21.1-3+deb8u1) jessie-security; urgency=medium
 .
   * Non-maintainer upload by the LTS Team.
   * CVE-2018-15501
     A potential out-of-bounds read when processing a "ng" smart packet
     might lead to a Denial of Service.
   * CVE-2018-10887
     A flaw has been discovered that may lead to an integer overflow which
     in turn leads to an out of bound read, allowing to read before the
     base object. This might be used to leak memory addresses or cause a
     Denial of Service.
   * CVE-2018-10888
     A flaw may lead to an out-of-bound read while reading a binary delta
     file. This might result in a Denial of Service.
Checksums-Sha1:
 5afa3f9bc7b2bba4ac7242e6928971f69bcd9daf 2236 libgit2_0.21.1-3+deb8u1.dsc
 45729f6eb02abd6c7aa755d87b17e3b41c0e303f 3404222 libgit2_0.21.1.orig.tar.gz
 81ab5f608f1afe58d6de86169ff1a7d933a7db56 24760 libgit2_0.21.1-3+deb8u1.debian.tar.xz
 1463627eafed26301435c8f6d6131c26ffde02a7 542530 libgit2-dev_0.21.1-3+deb8u1_amd64.deb
 54a12333f149aacee111e31977d15dc929e638e3 316806 libgit2-21_0.21.1-3+deb8u1_amd64.deb
 ac4cf617ceb7d3d2731ab03b9e5447362a43a502 1211724 libgit2-dbg_0.21.1-3+deb8u1_amd64.deb
Checksums-Sha256:
 4bd5299b298200665925588f4311c9777bb6c79dd5ccbbd861bbaffd79bf22d3 2236 libgit2_0.21.1-3+deb8u1.dsc
 7c1df30aeb1884f5eacc65a8d1dccf57de3a78825b6081050f31eaf3ab4036dd 3404222 libgit2_0.21.1.orig.tar.gz
 066a3eaa031311b2acf92ce770bca75b38dcb6a85ff5d3c546937e27ee48a41e 24760 libgit2_0.21.1-3+deb8u1.debian.tar.xz
 488380e9c87ae076e65fe015a2f3ddb65eb26a050ba6eb641fb2545f97104c22 542530 libgit2-dev_0.21.1-3+deb8u1_amd64.deb
 d9100183cb785144731dc6f8f8dc41b2cee020800833eeb588dc26f423c91cd1 316806 libgit2-21_0.21.1-3+deb8u1_amd64.deb
 de476e5c462c62cea805c02fa61280dd3410c9c8aeda6123adb80a7c93f7c777 1211724 libgit2-dbg_0.21.1-3+deb8u1_amd64.deb
Files:
 e227235b37c4920988413a3ccacd8790 2236 libs extra libgit2_0.21.1-3+deb8u1.dsc
 4814495e2f90f077d51f0025bfd81f22 3404222 libs extra libgit2_0.21.1.orig.tar.gz
 5104bcfa644e52d17c98a64fbe632acc 24760 libs extra libgit2_0.21.1-3+deb8u1.debian.tar.xz
 688d0d380258bcf97484cb62f38dfe52 542530 libdevel extra libgit2-dev_0.21.1-3+deb8u1_amd64.deb
 ee448990e72cdc0362ccad6e4fd83442 316806 libs extra libgit2-21_0.21.1-3+deb8u1_amd64.deb
 77ed39aea5b5d04204adbaed12908268 1211724 debug extra libgit2-dbg_0.21.1-3+deb8u1_amd64.deb

-----BEGIN PGP SIGNATURE-----

iQKnBAEBCgCRFiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAluBYIFfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcTHGRlYmlhbkBh
bHRlaG9sei5kZQAKCRCW/KwNOHtYR2HND/9pDY3KZbSB+x51OgfjwGRmSW2xnDNL
tHwhKsIwjThGIql/p3amyS2Au3FyzdF/hMwI22AylkvkSAQry66+A2AYqR43+puv
L7C75Zr0kp2Jx7KgVCJXrrIC/EmXUDLOIMDC3V5zi3QhMzJEN+DMMxDYxIc31l6+
jD/AUpoWFGZmZFZXy6FrogAyMRRzDqabwFJyvTuHlF717vWlTDLe+7PIRKygMI2i
v1zTPwCxD1HlVymcVyhN2E3JHpkaLVQ4coxnfcftyPJ3WU4Y2VZpfJviwRPQJ5en
rYIN6tFdrjxznNxx28oPlrWgaJPjpnKB/Dmu15lWUyt8UBzsaP3GBHXvB/J+Ztm8
/LsgTuX6QOQTeW/Dzw/n2Vtx5Jo/S5ZOzRu3lYSI4bbsZ8aOQ643JewiokXJSik1
i1YYW8W85WUjZwO2oTJZag29GgqgVj0ulOPOet/P07wZ25wpWNerEjDikO5USqhL
6JoQI5O1xYpPFXGdThrnIny9M3HVUc1IW5wnGaWChdOzuBBTUg6zUl28iyYc3wWS
ezkHn1/0OG6i2bBmBt9fjBqXq8LJ3oIaqI9mn8aYs/mZZ0UIohA18Gn1biSd14d8
MR2Ltmta6jafSHPlDiHmV2+Bbe+8PPfg9agd6yQ/PKYPL8yDla4470RTYmICH8EP
DlxmEBGMTX03HQ==
=DH2d
-----END PGP SIGNATURE-----