Path to this page:
Next | Query returned 1 messages, browsing 1 to 10 | previous
CVS Commit History:
2017-01-13 21:34:41 by Benny Siegert | Files touched by this commit (3) | |
Log message:
Pullup ticket #5191 - requested by taca
devel/libgit2: security fix
Revisions pulled up:
- devel/libgit2/Makefile 1.14-1.16
- devel/libgit2/PLIST 1.6
- devel/libgit2/distinfo 1.8
---
Module Name: pkgsrc
Committed By: wiz
Date: Sun Jan 1 14:44:09 UTC 2017
Modified Files:
[...]
pkgsrc/devel/libgit2: Makefile
[...]
Log message:
Add python-3.6 to incompatible versions.
---
Module Name: pkgsrc
Committed By: adam
Date: Sun Jan 1 16:06:40 UTC 2017
Modified Files:
[...]
pkgsrc/devel/libgit2: Makefile
[...]
Log message:
Revbump after boost update
---
Module Name: pkgsrc
Committed By: taca
Date: Wed Jan 11 00:11:24 UTC 2017
Modified Files:
pkgsrc/devel/libgit2: Makefile PLIST distinfo
Log message:
Update libgit2 to 0.25.1, it includes security problem.
For full changes, please refer CHANGESLOG.md file.
* libgit2 v0.24.6 and libgit2 v0.25.1, January 9th, 2017
Includes two fixes, one performs extra sanitization for some edge cases in
the Git Smart Protocol which can lead to attempting to parse outside of the
buffer.
The second fix affects the certificate check callback. It provides a valid
parameter to indicate whether the native cryptographic library considered
the certificate to be correct. This parameter is always 1/true before these
releases leading to a possible MITM.
This does not affect you if you do not use the custom certificate callback
or if you do not take this value into account. This does affect you if you
use pygit2 or git2go regardless of whether you specify a certificate check
callback.
|
Next | Query returned 1 messages, browsing 1 to 10 | previous