18 matches found
Fedora 41 : rust-asyncgit / rust-bat / rust-cargo-c / rust-eza / etc (2024-401f10a92f)
The remote Fedora 41 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2024-401f10a92f advisory. - Update the git2 crate to version 0.18.2. - Update the libgit2-sys crate to version 0.16.2. Version 0.16.2 of the libgit2-sys crate includes an...
Fedora: Security Advisory for rust-libgit2-sys (FEDORA-2024-993d3a78dd)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 38 Update: rust-libgit2-sys-0.16.2-1.fc38
Native bindings to the libgit2 library...
[SECURITY] Fedora 39 Update: rust-libgit2-sys-0.16.2-1.fc39
Native bindings to the libgit2 library...
Fedora: Security Advisory for rust-libgit2-sys (FEDORA-2024-8ba389815f)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
a-gpt (>=0.1.0 <=0.4.0), abacuz (=0.1.1) +884 more potentially affected by unknown CVE via libgit2-sys (>=0.10.0 <=0.15.2+1.6.4)
libgit2-sys CARGO version =0.10.0, =0.1.0, =1.1.0, =0.0.1, =0.3.0, =1.2.0, =1.4.7 - amisgitpm =0.0.1 - android-cli =0.2.0 - angreal =2.0.0-rc.1 and more Source cves: unknown CVE Source advisory: OSV:GHSA-22Q8-GHMQ-63VF...
libgit2-sys affected by memory corruption, denial of service, and arbitrary code execution in libgit2
The libgit2 project fixed three security issues in the 1.7.2 release. These issues are: The gitrevparsesingle function can potentially enter an infinite loop on a well-crafted input, potentially causing a Denial of Service. This function is exposed in the git2 crate via the...
GHSA-22Q8-GHMQ-63VF libgit2-sys affected by memory corruption, denial of service, and arbitrary code execution in libgit2
The libgit2 project fixed three security issues in the 1.7.2 release. These issues are: The gitrevparsesingle function can potentially enter an infinite loop on a well-crafted input, potentially causing a Denial of Service. This function is exposed in the git2 crate via the...
a-gpt (>=0.1.0 <=0.4.0), abacuz (=0.1.1) +884 more potentially affected by CVE-2024-24575 +1 more via libgit2-sys (>=0.10.0 <=0.15.2+1.6.4)
libgit2-sys CARGO version =0.10.0, =0.1.0, =1.1.0, =0.0.1, =0.3.0, =1.2.0, =1.4.7 - amisgitpm =0.0.1 - android-cli =0.2.0 - angreal =2.0.0-rc.1 and more Source cves: CVE-2024-24575, CVE-2024-24577 Source advisory: OSV:RUSTSEC-2024-0013...
Memory corruption, denial of service, and arbitrary code execution in libgit2
The libgit2 project fixed three security issues in the 1.7.2 release. These issues are: The gitrevparsesingle function can potentially enter an infinite loop on a well-crafted input, potentially causing a Denial of Service. This function is exposed in the git2 crate via the...
Fedora: Security Advisory for rust-libgit2-sys (FEDORA-2023-db96a62414)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora: Security Advisory for rust-libgit2-sys (FEDORA-2023-055b389109)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 37 Update: rust-libgit2-sys-0.13.5-1.fc37
Native bindings to the libgit2 library...
Fedora 36 : rust-libgit2-sys (2023-055b389109)
The remote Fedora 36 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-055b389109 advisory. Update to version 0.13.5 includes bundled libgit2 v1.4.5 with the latest security fixes. Tenable has extracted the preceding description block directly from...
git2-rs fails to verify SSH keys by default
The git2 and libgit2-sys crates are Rust wrappers around the libgit2 C library. It was discovered that libgit2 1.5.0 and below did not verify SSH host keys when establishing an SSH connection, exposing users of the library to Man-In-the-Middle attacks. The libgit2 team assigned CVE-2023-22742 to...
GHSA-M4CH-RFV5-X5G3 git2-rs fails to verify SSH keys by default
The git2 and libgit2-sys crates are Rust wrappers around the libgit2 C library. It was discovered that libgit2 1.5.0 and below did not verify SSH host keys when establishing an SSH connection, exposing users of the library to Man-In-the-Middle attacks. The libgit2 team assigned CVE-2023-22742 to...
RUSTSEC-2023-0003 git2 does not verify SSH keys by default
The git2 and libgit2-sys crates are Rust wrappers around the libgit2 C library. It was discovered that libgit2 1.5.0 and below did not verify SSH host keys when establishing an SSH connection, exposing users of the library to Man-In-the-Middle attacks. The libgit2 team assigned...
git2 does not verify SSH keys by default
The git2 and libgit2-sys crates are Rust wrappers around the libgit2 C library. It was discovered that libgit2 1.5.0 and below did not verify SSH host keys when establishing an SSH connection, exposing users of the library to Man-In-the-Middle attacks. The libgit2 team assigned...