retitle 860989 cargo: embeds a copy of libgit2 affected by CVE-2016-8568 CVE-2016-8569
retitle 860990 cargo: embeds a copy of libgit2 affected by CVE-2016-10128 CVE-2016-10129 CVE-2016-10130

Debian Bug Tracking System:
> Processing commands for cont...@bugs.debian.org:
> [..]

Note that this is fixed in experimental but not in testing/sid which still carries cargo 0.15 with a libgit2 "0.24 + 1" version, I didn't check exactly which one it was. All of the CVEs are fixed in 0.25.1, I believe.

https://sources.debian.net/src/cargo/0.15.0~dev-1/deps/libgit2-sys-0.6.2/libgit2/CHANGELOG.md/

X

--
GPG: ed25519/56034877E1F87C35
GPG: rsa4096/1318EFAC5FBBDBCE
https://github.com/infinity0/pubkeys.git