f4609b896f
This also bumps the stable nixpkgs to 20.09 as of 2020-11-21, because there is some breakage in the git build related to the netrc credentials helper which someone has taken care of in nixpkgs. The stable channel is not used for anything other than git, so this should be fine. Change-Id: I3575a19dab09e1e9556cf8231d717de9890484fb
16 lines
520 B
Text
16 lines
520 B
Text
Git v2.17.4 Release Notes
|
|
=========================
|
|
|
|
This release is to address the security issue: CVE-2020-5260
|
|
|
|
Fixes since v2.17.3
|
|
-------------------
|
|
|
|
* With a crafted URL that contains a newline in it, the credential
|
|
helper machinery can be fooled to give credential information for
|
|
a wrong host. The attack has been made impossible by forbidding
|
|
a newline character in any value passed via the credential
|
|
protocol.
|
|
|
|
Credit for finding the vulnerability goes to Felix Wilhelm of Google
|
|
Project Zero.
|