Accepting request 640549 from devel:libraries:c_c++

OBS-URL: https://build.opensuse.org/request/show/640549
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libgit2?expand=0&rev=34

libgit2-0.27.4.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:0b7ca31cb959ff1b22afa0da8621782afe61f99242bf716c403802ffbdb21d51
-size 4772254

libgit2-0.27.5.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:15f2775f4f325951d9139ed906502b6c71fee6787cada9b045f5994072ccbd33
+size 4775158

libgit2.changes

@@ -1,3 +1,19 @@
+-------------------------------------------------------------------
+Sun Oct  7 12:32:42 UTC 2018 - astieger@suse.com
+
+- libgit2 0.27.5:
+  * CVE-2018-17456: Submodule URLs and paths with a leading "-"
+    are now ignored to avoid injecting options into library
+    consumers that perform recursive clones (bsc#1110949)
+  * Avoid a buffer overflow when running repack
+  * Avoid stack overflow from unbounded recursion in configuration
+    file parser
+  * Avoid heap-buffer overflow when parsing "ok" packets
+  * Fix heap-buffer overflows in smart protocol parsing code
+  * Fix potential integer overflows on platforms with 16 bit ints
+  * Fix potential NULL pointer dereference when parsing
+    configuration files
+
 -------------------------------------------------------------------
 Tue Aug 21 08:47:14 UTC 2018 - mpluskal@suse.com
 

libgit2.spec

@@ -19,7 +19,7 @@
 
 %define sover 27
 Name:           libgit2
-Version:        0.27.4
+Version:        0.27.5
 Release:        0
 Summary:        C git library
 License:        GPL-2.0 WITH GCC-exception-2.0