tvl-depot/third_party/git/Documentation/RelNotes/2.17.4.txt

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

17 lines
520 B
Text
Raw Normal View History

Git v2.17.4 Release Notes
=========================
This release is to address the security issue: CVE-2020-5260
Fixes since v2.17.3
-------------------
* With a crafted URL that contains a newline in it, the credential
helper machinery can be fooled to give credential information for
a wrong host. The attack has been made impossible by forbidding
a newline character in any value passed via the credential
protocol.
Credit for finding the vulnerability goes to Felix Wilhelm of Google
Project Zero.