diff options
| author | lhchavez <[email protected]> | 2022-04-14 16:09:59 +0200 |
|---|---|---|
| committer | GitHub <[email protected]> | 2022-04-14 07:09:59 -0700 |
| commit | 7bff4ca7addde8cc54c38f5db1e50fa420189a20 (patch) | |
| tree | b4bfb5483c52f2be68ca257cb129b4172f9af3e6 /script | |
| parent | eae00773cce87d5282a8ac7c10b5c1961ee6f9cb (diff) | |
Uprev libgit to v1.3.1 (#911)
🔒 This is a security release to provide compatibility with git's
changes to address [CVE
2022-24765](https://github.blog/2022-04-12-git-security-vulnerability-announced/).
libgit2 (and by extension git2go) are not directly affected by this
vulnerability, because libgit2 does not directly invoke any executable.
But we are providing these changes as a security release for any users
that use libgit2 for repository discovery and then also use git on that
repository. In this release, we will now validate that the user opening
the repository is the same user that owns the on-disk repository. This
is to match git's behavior.
In addition, we are providing several correctness fixes where invalid
input can lead to a crash. These may prevent possible denial of service
attacks. At this time there are not known exploits to these issues.
Diffstat (limited to 'script')
0 files changed, 0 insertions, 0 deletions