Fast Version Control System
e22c1de491
From the upstream release notes¹: With a crafted URL that contains a newline or empty host, or lacks a scheme, the credential helper machinery can be fooled into providing credential information that is not appropriate for the protocol in use and host being contacted. Unlike the vulnerability CVE-2020-5260 fixed in v2.17.4, the credentials are not for a host of the attacker's choosing; instead, they are for some unspecified host (based on how the configured credential helper handles an absent "host" parameter). The attack has been made impossible by refusing to work with under-specified credential patterns. ¹ https://www.kernel.org/pub/software/scm/git/docs/RelNotes/2.17.5.txt |
||
|---|---|---|
| .gitignore | ||
| .mailmap | ||
| 0001-sequencer-don-t-abbreviate-a-command-if-it-doesn-t-h.patch | ||
| 0002-t3432-test-merge-with-rebase.abbreviateCommands-true.patch | ||
| git-cvsimport-Ignore-cvsps-2.2b1-Branches-output.patch | ||
| git-gui.desktop | ||
| git.rpmlintrc | ||
| git.skip-test-patterns | ||
| git.socket | ||
| git.spec | ||
| git.xinetd.in | ||
| git@.service.in | ||
| gitweb-httpd.conf | ||
| gitweb.conf.in | ||
| gpgkey-junio.asc | ||
| print-failed-test-output | ||
| sources | ||