File: 2.17.4.txt

package info (click to toggle)
git 1%3A2.30.2-1%2Bdeb11u2
  • links: PTS, VCS
  • area: main
  • in suites: bullseye
  • size: 53,128 kB
  • sloc: ansic: 237,972; sh: 206,995; perl: 29,970; tcl: 22,151; python: 6,357; makefile: 3,843; javascript: 772; sed: 189; asm: 98; csh: 45; ruby: 43; lisp: 12
file content (16 lines) | stat: -rw-r--r-- 520 bytes parent folder | download | duplicates (10) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
 
Git v2.17.4 Release Notes
=========================

This release is to address the security issue: CVE-2020-5260

Fixes since v2.17.3
-------------------

 * With a crafted URL that contains a newline in it, the credential
   helper machinery can be fooled to give credential information for
   a wrong host.  The attack has been made impossible by forbidding
   a newline character in any value passed via the credential
   protocol.

Credit for finding the vulnerability goes to Felix Wilhelm of Google
Project Zero.