diff -Nru libgit2-1.5.1+ds/debian/changelog libgit2-1.5.1+ds/debian/changelog
--- libgit2-1.5.1+ds/debian/changelog	2023-01-26 21:12:51.000000000 +0000
+++ libgit2-1.5.1+ds/debian/changelog	2024-02-28 06:50:24.000000000 +0000
@@ -1,3 +1,16 @@
+libgit2 (1.5.1+ds-1ubuntu1.1) mantic-security; urgency=medium
+
+  * SECURITY UPDATE: denial-of-service
+    - debian/patches/CVE-2024-24575.patch: fix parsing bug for trailing @
+    in revparse function used by git_revparse_single.
+    - CVE-2024-24575
+  * SECURITY UPDATE: use-after-free
+    - debian/patches/CVE-2024-24577.patch: correct index check in
+      has_dir_name function used by git_index_add.
+    - CVE-2024-24577
+
+ -- Fabian Toepfer <fabian.toepfer@canonical.com>  Wed, 28 Feb 2024 07:50:24 +0100
+
 libgit2 (1.5.1+ds-1ubuntu1) lunar; urgency=low
 
   * Merge from Debian unstable. Remaining changes:
diff -Nru libgit2-1.5.1+ds/debian/control libgit2-1.5.1+ds/debian/control
--- libgit2-1.5.1+ds/debian/control	2023-01-23 06:41:30.000000000 +0000
+++ libgit2-1.5.1+ds/debian/control	2024-02-28 06:50:24.000000000 +0000
@@ -1,7 +1,8 @@
 Source: libgit2
 Section: libs
 Priority: optional
-Maintainer: Utkarsh Gupta <utkarsh@debian.org>
+Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
+XSBC-Original-Maintainer: Utkarsh Gupta <utkarsh@debian.org>
 Uploaders: Pirate Praveen <praveen@debian.org>,
 	   Mohammed Bilal <mdbilal@disroot.org>
 Build-Depends: debhelper-compat (= 13),
diff -Nru libgit2-1.5.1+ds/debian/patches/CVE-2024-24575.patch libgit2-1.5.1+ds/debian/patches/CVE-2024-24575.patch
--- libgit2-1.5.1+ds/debian/patches/CVE-2024-24575.patch	1970-01-01 00:00:00.000000000 +0000
+++ libgit2-1.5.1+ds/debian/patches/CVE-2024-24575.patch	2024-02-26 19:16:10.000000000 +0000
@@ -0,0 +1,50 @@
+From: =?utf-8?q?Timo_R=C3=B6hling?= <roehling@debian.org>
+Date: Thu, 8 Feb 2024 11:33:13 +0100
+Subject: revparse: fix parsing bug for trailing @
+
+When parsing a revspec that ends with a trailing `@`, explicitly stop
+parsing. Introduce a sentinel variable to explicitly stop parsing.
+
+Prior to this, we would set `spec` to `HEAD`, but were looping on the
+value of `spec[pos]`, so we would continue walking the (new) `spec`
+at offset `pos`, looking for a NUL. This is obviously an out-of-bounds
+read.
+
+Credit to Michael Rodler (@f0rki) and Amazon AWS Security.
+
+Bug-Debian: https://bugs.debian.org/1063415
+Origin: upstream, https://github.com/libgit2/libgit2/commit/c9d31b711e8906cf248566f43142f20b03e20cbf
+---
+ src/libgit2/revparse.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/src/libgit2/revparse.c b/src/libgit2/revparse.c
+index 9bc28e9..d3bbe84 100644
+--- a/src/libgit2/revparse.c
++++ b/src/libgit2/revparse.c
+@@ -685,6 +685,7 @@ static int revparse(
+ 	git_object *base_rev = NULL;
+ 
+ 	bool should_return_reference = true;
++	bool parsed = false;
+ 
+ 	GIT_ASSERT_ARG(object_out);
+ 	GIT_ASSERT_ARG(reference_out);
+@@ -694,7 +695,7 @@ static int revparse(
+ 	*object_out = NULL;
+ 	*reference_out = NULL;
+ 
+-	while (spec[pos]) {
++	while (!parsed && spec[pos]) {
+ 		switch (spec[pos]) {
+ 		case '^':
+ 			should_return_reference = false;
+@@ -801,6 +802,8 @@ static int revparse(
+ 				break;
+ 			} else if (spec[pos+1] == '\0') {
+ 				spec = "HEAD";
++				identifier_len = 4;
++				parsed = true;
+ 				break;
+ 			}
+ 			/* fall through */
diff -Nru libgit2-1.5.1+ds/debian/patches/CVE-2024-24577.patch libgit2-1.5.1+ds/debian/patches/CVE-2024-24577.patch
--- libgit2-1.5.1+ds/debian/patches/CVE-2024-24577.patch	1970-01-01 00:00:00.000000000 +0000
+++ libgit2-1.5.1+ds/debian/patches/CVE-2024-24577.patch	2024-02-26 19:16:16.000000000 +0000
@@ -0,0 +1,46 @@
+From: Edward Thomson <ethomson@edwardthomson.com>
+Date: Sat, 16 Dec 2023 11:19:07 +0000
+Subject: index: correct index has_dir_name check
+
+`has_dir_name` is used to check for directory/file collisions,
+and attempts to determine whether the index contains a file with
+a directory name that is a proper subset of the new index entry
+that we're trying to add.
+
+To determine directory name, the function would walk the path string
+backwards to identify a `/`, stopping at the end of the string. However,
+the function assumed that the strings did not start with a `/`. If the
+paths contain only a single `/` at the beginning of the string, then the
+function would continue the loop, erroneously, when they should have
+stopped at the first character.
+
+Correct the order of the tests to terminate properly.
+
+Credit to Michael Rodler (@f0rki) and Amazon AWS Security.
+
+Bug-Debian: https://bugs.debian.org/1063416
+Origin: upstream, https://github.com/libgit2/libgit2/commit/eb4c1716cd92bf56f2770653a915d5fc01eab8f3
+---
+ src/libgit2/index.c | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/src/libgit2/index.c b/src/libgit2/index.c
+index f44c507..dcc41ce 100644
+--- a/src/libgit2/index.c
++++ b/src/libgit2/index.c
+@@ -1148,10 +1148,13 @@ static int has_dir_name(git_index *index,
+ 		size_t len, pos;
+ 
+ 		for (;;) {
+-			if (*--slash == '/')
+-				break;
++			slash--;
++
+ 			if (slash <= entry->path)
+ 				return 0;
++
++			if (*slash == '/')
++				break;
+ 		}
+ 		len = slash - name;
+ 
diff -Nru libgit2-1.5.1+ds/debian/patches/series libgit2-1.5.1+ds/debian/patches/series
--- libgit2-1.5.1+ds/debian/patches/series	2023-01-23 06:41:31.000000000 +0000
+++ libgit2-1.5.1+ds/debian/patches/series	2024-02-26 19:16:16.000000000 +0000
@@ -2,3 +2,5 @@
 fix-unit-tests.patch
 handle-bashism.patch
 disable-flaky-stat-tests.patch
+CVE-2024-24575.patch
+CVE-2024-24577.patch