p5-Git-Raw

There are various CVEs for embedded libraries

Open robrwo opened this issue 2 years ago • 4 comments

The version of zlib seems to be affected by CVE-2018-25032

The version of http-parser seems to be affected by CVE-2019-9900

robrwo, Jun 30 '22 13:06

These are bundled by libgit2. When they are addressed upstream, I can attempt an upgrade.

jacquesg, Jun 30 '22 15:06

I have emailed [email protected] about that issue.

robrwo, Jun 30 '22 18:06

I've gotten a confirmation from Ed Thomson re libgit2 security issues. He expects to publish fixes next week.

robrwo, Jul 06 '22 10:07

Great, thanks for the update. I'll push a fix as soon as I can.

jacquesg, Jul 06 '22 13:07

Version 0.89 is now available, which should address these.

jacquesg, Oct 23 '22 16:10