This update for libgit2 fixes the following issues:
CVE-2022-24765: Fixed potential command injection via git worktree (bsc#1198234).
CVE-2022-29187: Fixed incomplete fix for CVE-2022-24765 (bsc#1201431).
Affected Packages
libgit2
SUSE Enterprise Storage 7SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOSSUSE Linux Enterprise High Performance Computing 15 SP2-LTSSSUSE Linux Enterprise Module for Development Tools 15 SP3SUSE Linux Enterprise Server 15 SP2-BCL
Fixed in:
0.28.4-150200.3.3.1
libgit2-28
SUSE Enterprise Storage 7SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOSSUSE Linux Enterprise High Performance Computing 15 SP2-LTSSSUSE Linux Enterprise Module for Development Tools 15 SP3SUSE Linux Enterprise Server 15 SP2-BCL
Fixed in:
0.28.4-150200.3.3.1
libgit2-devel
SUSE Enterprise Storage 7SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOSSUSE Linux Enterprise High Performance Computing 15 SP2-LTSSSUSE Linux Enterprise Module for Development Tools 15 SP3SUSE Linux Enterprise Server 15 SP2-BCL