Fast Version Control System
From the upstream release notes¹: With a crafted URL that contains a newline or empty host, or lacks a scheme, the credential helper machinery can be fooled into providing credential information that is not appropriate for the protocol in use and host being contacted. Unlike the vulnerability CVE-2020-5260 fixed in v2.17.4, the credentials are not for a host of the attacker's choosing; instead, they are for some unspecified host (based on how the configured credential helper handles an absent "host" parameter). The attack has been made impossible by refusing to work with under-specified credential patterns. ¹ https://www.kernel.org/pub/software/scm/git/docs/RelNotes/2.17.5.txt |
||
---|---|---|
.gitignore | ||
.mailmap | ||
0001-sequencer-don-t-abbreviate-a-command-if-it-doesn-t-h.patch | ||
0002-t3432-test-merge-with-rebase.abbreviateCommands-true.patch | ||
git-cvsimport-Ignore-cvsps-2.2b1-Branches-output.patch | ||
git-gui.desktop | ||
git.rpmlintrc | ||
git.skip-test-patterns | ||
git.socket | ||
git.spec | ||
git.xinetd.in | ||
git@.service.in | ||
gitweb-httpd.conf | ||
gitweb.conf.in | ||
gpgkey-junio.asc | ||
print-failed-test-output | ||
sources |