c42c0f1297
Signed-off-by: Junio C Hamano <gitster@pobox.com>
17 lines
520 B
Plaintext
17 lines
520 B
Plaintext
Git v2.17.4 Release Notes
|
|
=========================
|
|
|
|
This release is to address the security issue: CVE-2020-5260
|
|
|
|
Fixes since v2.17.3
|
|
-------------------
|
|
|
|
* With a crafted URL that contains a newline in it, the credential
|
|
helper machinery can be fooled to give credential information for
|
|
a wrong host. The attack has been made impossible by forbidding
|
|
a newline character in any value passed via the credential
|
|
protocol.
|
|
|
|
Credit for finding the vulnerability goes to Felix Wilhelm of Google
|
|
Project Zero.
|