diff -Nru libgit2-1.7.1+ds/CMakeLists.txt libgit2-1.7.2+ds/CMakeLists.txt
--- libgit2-1.7.1+ds/CMakeLists.txt	2023-08-14 20:49:40.000000000 +0000
+++ libgit2-1.7.2+ds/CMakeLists.txt	2024-01-12 10:46:16.000000000 +0000
@@ -6,7 +6,7 @@
 
 cmake_minimum_required(VERSION 3.5.1)
 
-project(libgit2 VERSION "1.7.1" LANGUAGES C)
+project(libgit2 VERSION "1.7.2" LANGUAGES C)
 
 # Add find modules to the path
 set(CMAKE_MODULE_PATH ${CMAKE_MODULE_PATH} "${PROJECT_SOURCE_DIR}/cmake")
diff -Nru libgit2-1.7.1+ds/debian/changelog libgit2-1.7.2+ds/debian/changelog
--- libgit2-1.7.1+ds/debian/changelog	2023-12-03 08:29:52.000000000 +0000
+++ libgit2-1.7.2+ds/debian/changelog	2024-02-13 08:12:02.000000000 +0000
@@ -1,3 +1,23 @@
+libgit2 (1.7.2+ds-1ubuntu1) noble; urgency=low
+
+  * Merge from Debian unstable. Remaining changes:
+    - Use OpenSSL as the crypto backend
+    - Use cmake:native in d/tests/control
+    - Lower optimization level to O2 on ppc64el to fix a test failure
+
+ -- Gianfranco Costamagna <locutusofborg@debian.org>  Tue, 13 Feb 2024 09:12:02 +0100
+
+libgit2 (1.7.2+ds-1) unstable; urgency=medium
+
+  * New upstream version 1.7.2+ds
+    - Fix CVE-2024-24575: Denial of service in git_revparse_single
+      (Closes: #1063415)
+    - Fix CVE-2024-24577: Use-after-free in git_index_add
+      (Closes: #1063416)
+  * Build-depend on pkgconf instead of pkg-config
+
+ -- Timo Röhling <roehling@debian.org>  Thu, 08 Feb 2024 09:10:45 +0100
+
 libgit2 (1.7.1+ds-2ubuntu1) noble; urgency=low
 
   * Merge from Debian unstable. Remaining changes:
diff -Nru libgit2-1.7.1+ds/debian/control libgit2-1.7.2+ds/debian/control
--- libgit2-1.7.1+ds/debian/control	2023-12-02 21:18:38.000000000 +0000
+++ libgit2-1.7.2+ds/debian/control	2024-02-12 20:50:16.000000000 +0000
@@ -7,7 +7,7 @@
 	   Timo Röhling <roehling@debian.org>,
 Build-Depends: debhelper-compat (= 13),
                python3-minimal:any,
-               pkg-config,
+               pkgconf,
                ca-certificates,
                cmake,
                zlib1g-dev,
diff -Nru libgit2-1.7.1+ds/docs/changelog.md libgit2-1.7.2+ds/docs/changelog.md
--- libgit2-1.7.1+ds/docs/changelog.md	2023-08-14 20:49:40.000000000 +0000
+++ libgit2-1.7.2+ds/docs/changelog.md	2024-01-12 10:46:16.000000000 +0000
@@ -1,3 +1,20 @@
+v1.7.2
+------
+
+## What's Changed
+
+This release fixes three bugs that can cause undefined behavior when given well-crafted inputs, either in input files or over network connections. These bugs may be able to be leveraged to cause denial of service attacks or unauthorized code execution.
+
+Two of these issues were discovered and reported by security engineers at Amazon Web Services. We thank the AWS Security team for their efforts to identify these issues, provide helpful reproduction cases, and responsibly disclose their findings.
+
+### Security fixes
+
+* transport: safely handle messages with no caps
+* revparse: fix parsing bug for trailing `@`
+* index: correct index has_dir_name check
+
+**Full Changelog**: https://github.com/libgit2/libgit2/compare/v1.7.1...v1.7.2
+
 v1.7.1
 ------
 
diff -Nru libgit2-1.7.1+ds/include/git2/version.h libgit2-1.7.2+ds/include/git2/version.h
--- libgit2-1.7.1+ds/include/git2/version.h	2023-08-14 20:49:40.000000000 +0000
+++ libgit2-1.7.2+ds/include/git2/version.h	2024-01-12 10:46:16.000000000 +0000
@@ -11,7 +11,7 @@
  * The version string for libgit2.  This string follows semantic
  * versioning (v2) guidelines.
  */
-#define LIBGIT2_VERSION        "1.7.1"
+#define LIBGIT2_VERSION        "1.7.2"
 
 /** The major version number for this version of libgit2. */
 #define LIBGIT2_VER_MAJOR      1
@@ -20,7 +20,7 @@
 #define LIBGIT2_VER_MINOR      7
 
 /** The revision ("teeny") version number for this version of libgit2. */
-#define LIBGIT2_VER_REVISION   1
+#define LIBGIT2_VER_REVISION   2
 
 /** The Windows DLL patch number for this version of libgit2. */
 #define LIBGIT2_VER_PATCH      0
diff -Nru libgit2-1.7.1+ds/package.json libgit2-1.7.2+ds/package.json
--- libgit2-1.7.1+ds/package.json	2023-08-14 20:49:40.000000000 +0000
+++ libgit2-1.7.2+ds/package.json	2024-01-12 10:46:16.000000000 +0000
@@ -1,6 +1,6 @@
 {
   "name": "libgit2",
-  "version": "1.7.1",
+  "version": "1.7.2",
   "repo": "https://github.com/libgit2/libgit2",
   "description": " A cross-platform, linkable library implementation of Git that you can use in your application.",
   "install": "mkdir build && cd build && cmake .. && cmake --build ."
diff -Nru libgit2-1.7.1+ds/src/libgit2/index.c libgit2-1.7.2+ds/src/libgit2/index.c
--- libgit2-1.7.1+ds/src/libgit2/index.c	2023-08-14 20:49:40.000000000 +0000
+++ libgit2-1.7.2+ds/src/libgit2/index.c	2024-01-12 10:46:16.000000000 +0000
@@ -1185,10 +1185,13 @@
 		size_t len, pos;
 
 		for (;;) {
-			if (*--slash == '/')
-				break;
+			slash--;
+
 			if (slash <= entry->path)
 				return 0;
+
+			if (*slash == '/')
+				break;
 		}
 		len = slash - name;
 
diff -Nru libgit2-1.7.1+ds/src/libgit2/revparse.c libgit2-1.7.2+ds/src/libgit2/revparse.c
--- libgit2-1.7.1+ds/src/libgit2/revparse.c	2023-08-14 20:49:40.000000000 +0000
+++ libgit2-1.7.2+ds/src/libgit2/revparse.c	2024-01-12 10:46:16.000000000 +0000
@@ -701,6 +701,7 @@
 	git_object *base_rev = NULL;
 
 	bool should_return_reference = true;
+	bool parsed = false;
 
 	GIT_ASSERT_ARG(object_out);
 	GIT_ASSERT_ARG(reference_out);
@@ -710,7 +711,7 @@
 	*object_out = NULL;
 	*reference_out = NULL;
 
-	while (spec[pos]) {
+	while (!parsed && spec[pos]) {
 		switch (spec[pos]) {
 		case '^':
 			should_return_reference = false;
@@ -817,6 +818,8 @@
 				break;
 			} else if (spec[pos+1] == '\0') {
 				spec = "HEAD";
+				identifier_len = 4;
+				parsed = true;
 				break;
 			}
 			/* fall through */
diff -Nru libgit2-1.7.1+ds/src/libgit2/transports/smart_pkt.c libgit2-1.7.2+ds/src/libgit2/transports/smart_pkt.c
--- libgit2-1.7.1+ds/src/libgit2/transports/smart_pkt.c	2023-08-14 20:49:40.000000000 +0000
+++ libgit2-1.7.2+ds/src/libgit2/transports/smart_pkt.c	2024-01-12 10:46:16.000000000 +0000
@@ -232,7 +232,8 @@
 
 	GIT_ASSERT_ARG(data);
 
-	if ((caps = memchr(line, '\0', len)) != NULL) {
+	if ((caps = memchr(line, '\0', len)) != NULL &&
+	    len > (size_t)((caps - line) + 1)) {
 		caps++;
 
 		if (strncmp(caps, "object-format=", CONST_STRLEN("object-format=")) == 0)
diff -Nru libgit2-1.7.1+ds/tests/libgit2/index/add.c libgit2-1.7.2+ds/tests/libgit2/index/add.c
--- libgit2-1.7.1+ds/tests/libgit2/index/add.c	2023-08-14 20:49:40.000000000 +0000
+++ libgit2-1.7.2+ds/tests/libgit2/index/add.c	2024-01-12 10:46:16.000000000 +0000
@@ -82,3 +82,27 @@
 	test_add_entry(true, valid_commit_id, GIT_FILEMODE_LINK);
 }
 
+void test_index_add__two_slash_prefixed(void)
+{
+	git_index_entry one = {{0}}, two = {{0}};
+	const git_index_entry *result;
+	size_t orig_count;
+
+	orig_count = git_index_entrycount(g_index);
+
+	cl_git_pass(git_oid__fromstr(&one.id, "fa49b077972391ad58037050f2a75f74e3671e92", GIT_OID_SHA1));
+	one.path = "/a";
+	one.mode = GIT_FILEMODE_BLOB;
+
+	cl_git_pass(git_oid__fromstr(&two.id, "3697d64be941a53d4ae8f6a271e4e3fa56b022cc", GIT_OID_SHA1));
+	two.path = "/a";
+	two.mode = GIT_FILEMODE_BLOB;
+
+	cl_git_pass(git_index_add(g_index, &one));
+	cl_git_pass(git_index_add(g_index, &two));
+
+	cl_assert_equal_i(orig_count + 1, git_index_entrycount(g_index));
+
+	cl_assert(result = git_index_get_bypath(g_index, "/a", 0));
+	cl_assert_equal_oid(&two.id, &result->id);
+}