An update for libgit2 is now available for openEuler-20.03-LTS-SP1 and openEuler-20.03-LTS-SP2
Security Advisory
openeuler-security@openeuler.org
openEuler security committee
openEuler-SA-2021-1282
Final 1.0
1.0 2021-07-27 Initial
2021-07-27 2021-07-27
openEuler SA Tool V1.0 2021-07-27

libgit2 security update

An update for libgit2 is now available for openEuler-20.03-LTS-SP1 and openEuler-20.03-LTS-SP2.

libgit2 is a portable, pure C implementation of the Git core methods provided as a re-entrant linkable library with a solid API, allowing you to write native speed custom Git applications in any language which supports C bindings.

Security Fix(es):

An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99.0. path.c mishandles equivalent filenames that exist because of NTFS Alternate Data Streams. This may allow remote code execution when cloning a repository. This issue is similar to CVE-2019-1352. (CVE-2020-12278)

An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99.0. checkout.c mishandles equivalent filenames that exist because of NTFS short names. This may allow remote code execution when cloning a repository. This issue is similar to CVE-2019-1353. (CVE-2020-12279)

An update for libgit2 is now available for openEuler-20.03-LTS-SP1 and openEuler-20.03-LTS-SP2. openEuler Security has rated this update as having a security impact of high. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
High
libgit2

https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1282
https://openeuler.org/en/security/cve/detail.html?id=CVE-2020-12278
https://openeuler.org/en/security/cve/detail.html?id=CVE-2020-12279
https://nvd.nist.gov/vuln/detail/CVE-2020-12278
https://nvd.nist.gov/vuln/detail/CVE-2020-12279

openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP2

libgit2-0.27.8-5.oe1.aarch64.rpm
libgit2-debuginfo-0.27.8-5.oe1.aarch64.rpm
libgit2-debugsource-0.27.8-5.oe1.aarch64.rpm
libgit2-devel-0.27.8-5.oe1.aarch64.rpm
libgit2-debugsource-0.27.8-5.oe1.aarch64.rpm
libgit2-0.27.8-5.oe1.aarch64.rpm
libgit2-devel-0.27.8-5.oe1.aarch64.rpm
libgit2-debuginfo-0.27.8-5.oe1.aarch64.rpm

libgit2-0.27.8-5.oe1.src.rpm
libgit2-0.27.8-5.oe1.src.rpm

libgit2-devel-0.27.8-5.oe1.x86_64.rpm
libgit2-debugsource-0.27.8-5.oe1.x86_64.rpm
libgit2-0.27.8-5.oe1.x86_64.rpm
libgit2-debuginfo-0.27.8-5.oe1.x86_64.rpm
libgit2-debuginfo-0.27.8-5.oe1.x86_64.rpm
libgit2-debugsource-0.27.8-5.oe1.x86_64.rpm
libgit2-0.27.8-5.oe1.x86_64.rpm
libgit2-devel-0.27.8-5.oe1.x86_64.rpm

An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99.0. path.c mishandles equivalent filenames that exist because of NTFS Alternate Data Streams. This may allow remote code execution when cloning a repository. This issue is similar to CVE-2019-1352.
2021-07-27 CVE-2020-12278 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP2 High 8.1 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H libgit2 security update 2021-07-27 https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1282

An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99.0. checkout.c mishandles equivalent filenames that exist because of NTFS short names. This may allow remote code execution when cloning a repository. This issue is similar to CVE-2019-1353.
2021-07-27 CVE-2020-12279 openEuler-20.03-LTS-SP1 High 8.1 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H libgit2 security update 2021-07-27 https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1282