oss-sec mailing list archives

CVE request: invalid memory accesses parsing object files in libgit2


From: Gustavo Grieco <gustavo.grieco () gmail com>
Date: Sat, 8 Oct 2016 10:15:55 -0300

Hi,

We recently reported two invalid memory accesses in the last revision
of libgit2:

* Read out-of-bounds in git_oid_nfmt:
https://github.com/libgit2/libgit2/issues/3936

* DoS using a null pointer dereference in git_commit_message:
https://github.com/libgit2/libgit2/issues/3937

The developers are preparing a patch to harden object parsing in libgit2 here:

https://github.com/libgit2/libgit2/pull/3956

Please assign one or more CVEs if suitable.

Regards,
Gustavo.

