Date: Sat, 8 Oct 2016 10:15:55 -0300 From: Gustavo Grieco <gustavo.grieco@...il.com> To: oss-security@...ts.openwall.com Subject: CVE request: invalid memory accesses parsing object files in libgit2 Hi, We recently reported two invalid memory accesses in the last revision of libgit2: * Read out-of-bounds in git_oid_nfmt: https://github.com/libgit2/libgit2/issues/3936 * DoS using a null pointer derreference in git_commit_message: https://github.com/libgit2/libgit2/issues/3937 The developers are preparing a patch to harden object parsing in libgit2 here: https://github.com/libgit2/libgit2/pull/3956 Please assign one or more CVE if suitable. Regards, Gustavo.
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.