FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2025-01-31 07:40:04 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
d51b52cf-c199-11e9-b13f-001b217b3468	Libgit2 -- multiple vulnerabilities The Git community reports: A carefully constructed commit object with a very large number of parents may lead to potential out-of-bounds writes or potential denial of service. The ProgramData configuration file is always read for compatibility with Git for Windows and Portable Git installations. The ProgramData location is not necessarily writable only by administrators, so we now ensure that the configuration file is owned by the administrator or the current user. Discovery 2019-08-13 Entry 2019-08-18 libgit2 < 0.28.3 https://github.com/libgit2/libgit2/releases/tag/v0.28.3
43768ff3-c683-11ee-97d0-001b217b3468	Libgit2 -- multiple vulnerabilities Git community reports: A bug in git_revparse_single is fixed that could have caused the function to enter an infinite loop given well-crafted inputs, potentially causing a Denial of Service attack in the calling application A bug in git_revparse_single is fixed that could have caused the function to enter an infinite loop given well-crafted inputs, potentially causing a Denial of Service attack in the calling application A bug in the smart transport negotiation could have caused an out-of-bounds read when a remote server did not advertise capabilities Discovery 2024-02-06 Entry 2024-02-08 Modified 2024-02-14 eza < 0.18.2 libgit2 >= 1.7.0 lt 1.7.2 < 1.6.5 CVE-2024-24577 https://github.com/libgit2/libgit2/releases/tag/v1.7.2

VuXML ID

Description

d51b52cf-c199-11e9-b13f-001b217b3468

Libgit2 -- multiple vulnerabilities

The Git community reports:

A carefully constructed commit object with a very large number of parents may lead to potential out-of-bounds writes or potential denial of service.

The ProgramData configuration file is always read for compatibility with Git for Windows and Portable Git installations. The ProgramData location is not necessarily writable only by administrators, so we now ensure that the configuration file is owned by the administrator or the current user.

Discovery 2019-08-13
Entry 2019-08-18
libgit2

< 0.28.3

https://github.com/libgit2/libgit2/releases/tag/v0.28.3

43768ff3-c683-11ee-97d0-001b217b3468

Libgit2 -- multiple vulnerabilities

Git community reports:

A bug in git_revparse_single is fixed that could have caused the function to enter an infinite loop given well-crafted inputs, potentially causing a Denial of Service attack in the calling application

A bug in git_revparse_single is fixed that could have caused the function to enter an infinite loop given well-crafted inputs, potentially causing a Denial of Service attack in the calling application

A bug in the smart transport negotiation could have caused an out-of-bounds read when a remote server did not advertise capabilities

Discovery 2024-02-06
Entry 2024-02-08
Modified 2024-02-14
eza

< 0.18.2

libgit2

>= 1.7.0 lt 1.7.2

< 1.6.5

CVE-2024-24577
https://github.com/libgit2/libgit2/releases/tag/v1.7.2