Fedora 38: rust-git2 2024-993d3a78dd
Summary
Bindings to libgit2 for interoperating with git repositories. This
library is both threadsafe and memory safe and allows both reading and
writing git repositories.
Update Information:
Update the git2 crate to version 0.18.2. Update the libgit2-sys crate to version 0.16.2. Version 0.16.2 of the libgit2-sys crate includes an update of the bundled copy of libgit2 to version 1.7.2 to address CVE-2024-24575 and CVE-2024-24577. Since the libgit2 bindings cause applications that use them to statically link libgit2, this update also includes rebuilds of all affected applications.
Change Log
* Tue Feb 13 2024 Fabio Valentini
References
[ 1 ] Bug #2263100 - TRIAGE CVE-2024-24577 rust-libgit2-sys: libgit2: arbitrary code execution due to heap corruption in git_index_add [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2263100 [ 2 ] Bug #2263105 - TRIAGE CVE-2024-24575 rust-libgit2-sys: libgit2: potential infiniate loop condition in git_revparse_single [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2263105
Update Instructions
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-993d3a78dd' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html