This is a security release fixing memory handling issues when reading crafted
repository index files. The issues allow for possible denial of service due to
allocation of large memory and out-of-bound reads.
As the index is never transferred via the network, exploitation requires an
attacker to have access to the local repository.
A list of commits since the last follows:
01b5a1612 CHANGELOG: udpate for v0.26.2
6f4d04b52 index: error out on unreasonable prefix-compressed path lengths
6ddd286e9 index: fix out-of-bounds read with invalid index entry prefix length
b6756821d index: convert `read_entry` to return entry size via an out-param