ELA-805-1 libgit2 security update

Improper Verification of Cryptographic Signature

Version0.25.1+really0.24.6-1+deb9u2 (stretch)
Related CVEs CVE-2023-22742

A vulnerability have been found in libgit2, a cross-platform, linkable library implementation of Git.

Previous versions of libgit’s SSH backend did by default not perform certificate checking if the caller did not explicitly provide a certificate check callback and so may be subjected to a man-in-the-middle attack.

For Debian 9 stretch, these problems have been fixed in version 0.25.1+really0.24.6-1+deb9u2.

We recommend that you upgrade your libgit2 packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.