
vulnerabilities from original libgit2 not fixed here

Open dm9pZCAq opened this issue 1 year ago • 3 comments

There are a few vulnerabilities which are fixed in the original libgit2 but are still present in this fork: https://github.com/libgit2/libgit2/security

dm9pZCAq avatar Apr 07 '24 15:04 dm9pZCAq

This fork is used only by gitstatusd. These functions aren't used there.

romkatv avatar Apr 07 '24 16:04 romkatv

revparse is used, but it looks like this part is from before the vulnerability was introduced

https://github.com/romkatv/libgit2/blob/2ecf33948a4df9ef45a66c68b8ef24a5e60eaac6/src/revparse.c#L773-L790

dm9pZCAq avatar Apr 07 '24 16:04 dm9pZCAq

Thanks for checking!

romkatv avatar Apr 07 '24 17:04 romkatv