[Git][security-tracker-team/security-tracker][master] Add CVE-2018-1088{7,8}/libgit2

[Salvatore Bonaccorso]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f58ae1c9 by Salvatore Bonaccorso at 2018-07-10T08:16:08+02:00
Add CVE-2018-1088{7,8}/libgit2

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -7191,10 +7191,15 @@ CVE-2018-10890
 	RESERVED
 CVE-2018-10889
 	RESERVED
-CVE-2018-10888
+CVE-2018-10888 [an improper input validation leads to an out-of-bound read in git_delta_apply, allowing to read beyond delta limits]
 	RESERVED
-CVE-2018-10887
+	- libgit2 <unfixed>
+	NOTE: https://github.com/libgit2/libgit2/commit/9844d38bed10e9ff17174434b3421b227ae710f3
+CVE-2018-10887 [integer overflow leads to out-of-bounds read in git_delta_apply, allowing to read before base array]
 	RESERVED
+	- libgit2 <unfixed>
+	NOTE: https://github.com/libgit2/libgit2/commit/3f461902dc1072acb8b7607ee65d0a0458ffac2a
+	NOTE: https://github.com/libgit2/libgit2/commit/c1577110467b701dcbcf9439ac225ea851b47d22
 CVE-2018-10886
 	RESERVED
 	- ant 1.10.4-1



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f58ae1c9ca68200a18ec59b6806485c736e32090

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f58ae1c9ca68200a18ec59b6806485c736e32090
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180710/96322913/attachment.html>