Update the git2 crate to version 0.18.2.
Update the libgit2-sys crate to version 0.16.2.
Version 0.16.2 of the libgit2-sys crate includes an update of the bundled copy of libgit2 to version 1.7.2 to address CVE-2024-24575 and CVE-2024-24577.
Since the libgit2 bindings cause applications that use them to statically link libgit2, this update also includes rebuilds of all affected applications.
Update the git2 crate to version 0.18.2.
Update the libgit2-sys crate to version 0.16.2.
Version 0.16.2 of the libgit2-sys crate includes an update of the bundled copy of libgit2 to version 1.7.2 to address CVE-2024-24575 and CVE-2024-24577.
Since the libgit2 bindings cause applications that use them to statically link libgit2, this update also includes rebuilds of all affected applications.
Update the git2 crate to version 0.18.2.
Update the libgit2-sys crate to version 0.16.2.
Version 0.16.2 of the libgit2-sys crate includes an update of the bundled copy of libgit2 to version 1.7.2 to address CVE-2024-24575 and CVE-2024-24577.
Since the libgit2 bindings cause applications that use them to statically link libgit2, this update also includes rebuilds of all affected applications.
Two vulnerabilities were discovered in unbound, a validating, recursive,
caching DNS resolver. Specially crafted DNSSEC answers could lead
unbound down a very CPU intensive and time costly DNSSEC
(CVE-2023-50387) or NSEC3 hash (CVE-2023-50868) validation path,
resulting in denial of service.
Mate Kukri discovered the Debian build of EDK2, a UEFI firmware
implementation, used an insecure default configuration which could result
in Secure Boot bypass via the UEFI shell.
This updates disables the UEFI shell if Secure Boot is used.