pkgsrc/devel/git/Makefile.version at e2e3a489be3390b61b338b4eb483fa731fab0398 - kpriv/pkgsrc - Disroot Forgejo: Brace yourself, merge conflicts ahead.

kpriv/pkgsrc

leot 5521d16842 git: Update to 2.26.2

Changes:
2.26.2
------
This release is to address the security issue: CVE-2020-11008

 * With a crafted URL that contains a newline or empty host, or lacks
   a scheme, the credential helper machinery can be fooled into
   providing credential information that is not appropriate for the
   protocol in use and host being contacted.

   Unlike the vulnerability CVE-2020-5260 fixed in v2.17.4, the
   credentials are not for a host of the attacker's choosing; instead,
   they are for some unspecified host (based on how the configured
   credential helper handles an absent "host" parameter).

   The attack has been made impossible by refusing to work with
   under-specified credential patterns.

Credit for finding the vulnerability goes to Carlo Arenas.

2020-04-20 20:03:32 +00:00

7 lines

191 B

Text

Raw Blame History

 # $NetBSD: Makefile.version,v 1.88 2020/04/20 20:03:32 leot Exp $
 #
 # used by devel/git/Makefile.common
 # used by devel/git-cvs/Makefile
 # used by devel/git-svn/Makefile
 GIT_VERSION=	2.26.2