Git fork at reftables-rust
Git v2.17.5 Release Notes
=========================

This release is to address a security issue: CVE-2020-11008

Fixes since v2.17.4
-------------------

 * With a crafted URL that contains a newline or an empty host, or that
   lacks a scheme, the credential helper machinery can be fooled into
   providing credential information that is not appropriate for the
   protocol in use and the host being contacted.

   Unlike the vulnerability CVE-2020-5260 fixed in v2.17.4, the
   credentials are not for a host of the attacker's choosing; instead,
   they are for some unspecified host (depending on how the configured
   credential helper handles an absent "host" parameter).

   The attack has been made impossible by refusing to work with
   under-specified credential descriptions, i.e. ones that are missing
   the "protocol" or "host" field.

Credit for finding the vulnerability goes to Carlo Arenas.
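The credential helper protocol is a stream of newline-delimited `key=value` lines (`protocol=`, `host=`, `path=`, ...), which is why a newline in a URL, an empty host, or a missing scheme each produce a description a helper can misinterpret. The following is an added example, not git's own code, of a URL-to-description parser that applies the rules this release enforces: reject URLs containing CR or LF, reject URLs with no scheme or an empty host, and refuse to use a description whose protocol or host field is missing. The type and function names (`cred_t`, `cred_from_url`, `cred_ready`, `cred_write`) are this example's own; the sample URLs are constructed.

```c
/* Added example: a credential-description parser that enforces the
 * v2.17.5 rules. Not git's implementation; names are illustrative. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef struct {
    char protocol[16];
    char host[256];
    char path[256];
} cred_t;

/* Parse "scheme://[user[:pass]@]host[/path]" into a description.
 * Returns 0 on success, -1 if the URL is under-specified or unsafe. */
int cred_from_url(cred_t *c, const char *url)
{
    memset(c, 0, sizeof(*c));

    /* A CR or LF would let the URL inject extra "key=value" lines
     * (for example a second host= line) into the helper request. */
    if (strpbrk(url, "\r\n"))
        return -1;

    /* Missing scheme ("host/path") or empty scheme ("://host"). */
    const char *sep = strstr(url, "://");
    if (!sep || sep == url)
        return -1;
    size_t plen = (size_t)(sep - url);
    if (plen >= sizeof(c->protocol))
        return -1;
    memcpy(c->protocol, url, plen);

    /* Skip any userinfo that precedes the host. */
    const char *host = sep + 3;
    const char *at = strchr(host, '@');
    const char *slash = strchr(host, '/');
    if (at && (!slash || at < slash))
        host = at + 1;

    /* Empty host ("https:///path") must be rejected outright. */
    size_t hlen = slash ? (size_t)(slash - host) : strlen(host);
    if (hlen == 0 || hlen >= sizeof(c->host))
        return -1;
    memcpy(c->host, host, hlen);

    if (slash && strlen(slash + 1) < sizeof(c->path))
        strcpy(c->path, slash + 1);
    return 0;
}

/* Second rule: a description lacking protocol or host must not be
 * matched against helper configuration at all, because an absent
 * field matches far more broadly than the caller intended. */
int cred_ready(const cred_t *c)
{
    return c->protocol[0] != '\0' && c->host[0] != '\0';
}

/* Serialize the description the way a helper receives it on stdin. */
int cred_write(const cred_t *c, char *buf, size_t n)
{
    if (!cred_ready(c))
        return -1;
    if (c->path[0])
        return snprintf(buf, n, "protocol=%s\nhost=%s\npath=%s\n",
                        c->protocol, c->host, c->path);
    return snprintf(buf, n, "protocol=%s\nhost=%s\n",
                    c->protocol, c->host);
}

int main(void)
{
    /* Constructed sample URLs: one benign, three of the rejected shapes. */
    const char *samples[] = {
        "https://example.com/repo.git",
        "https:///repo.git",
        "example.com/repo.git",
        "https://example.com/repo.git\nhost=evil.example",
    };
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        cred_t c;
        char out[600];
        if (cred_from_url(&c, samples[i]) == 0 && cred_write(&c, out, sizeof out) > 0)
            printf("accepted:\n%s", out);
        else
            printf("rejected: %zu bytes of input\n", strlen(samples[i]));
    }
    return 0;
}
```

The newline check runs before any field is extracted, so a URL whose tail looks like a valid `host=` line never reaches the serializer; `cred_ready` is the separate guard for descriptions assembled field by field (as `git credential fill` does from stdin) rather than from a URL.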