Junio C Hamano
parent
07259e74ec
commit
c42c0f1297
|
|
@ -0,0 +1,16 @@
|
||||||
|
Git v2.17.4 Release Notes
|
||||||
|
=========================
|
||||||
|
|
||||||
|
This release is to address the security issue: CVE-2020-5260
|
||||||
|
|
||||||
|
Fixes since v2.17.3
|
||||||
|
-------------------
|
||||||
|
|
||||||
|
* With a crafted URL that contains a newline in it, the credential
|
||||||
|
helper machinery can be fooled to give credential information for
|
||||||
|
a wrong host. The attack has been made impossible by forbidding
|
||||||
|
a newline character in any value passed via the credential
|
||||||
|
protocol.
|
||||||
|
|
||||||
|
Credit for finding the vulnerability goes to Felix Wilhelm of Google
|
||||||
|
Project Zero.
|
||||||
|
|
@ -1,7 +1,7 @@
|
||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
|
|
||||||
GVF=GIT-VERSION-FILE
|
GVF=GIT-VERSION-FILE
|
||||||
DEF_VER=v2.17.3
|
DEF_VER=v2.17.4
|
||||||
|
|
||||||
LF='
|
LF='
|
||||||
'
|
'
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue