git/sources
Todd Zullinger e22c1de491 update to 2.26.2 (CVE-2020-11008)
From the upstream release notes¹:

  With a crafted URL that contains a newline or empty host, or lacks
  a scheme, the credential helper machinery can be fooled into
  providing credential information that is not appropriate for the
  protocol in use and host being contacted.

  Unlike the vulnerability CVE-2020-5260 fixed in v2.17.4, the
  credentials are not for a host of the attacker's choosing; instead,
  they are for some unspecified host (based on how the configured
  credential helper handles an absent "host" parameter).

  The attack has been made impossible by refusing to work with
  under-specified credential patterns.

¹ https://www.kernel.org/pub/software/scm/git/docs/RelNotes/2.17.5.txt
2020-04-20 14:59:34 -04:00

SHA512 (git-2.26.2.tar.xz) = 5d92d07b171c5cd6e89a29c1211c73c1c900cd51c74d690aebfb4a3d0e93b541b09b42b6d6a1a82f5c3d953096771f9a8605c63be139f559f58698c1a0eabcfc
SHA512 (git-2.26.2.tar.sign) = c53a607eda0bf83bf3593e8d68b833ef3ee99976434a97def5dcc25f31e79ff3e79f832b61508509d43d3111df106dde80ff6c9f7ada34ae53e7b4da17b06ed7