From the upstream release notes¹:

With a crafted URL that contains a newline or empty host, or lacks a scheme, the credential helper machinery can be fooled into providing credential information that is not appropriate for the protocol in use and host being contacted.

Unlike the vulnerability CVE-2020-5260 fixed in v2.17.4, the credentials are not for a host of the attacker's choosing; instead, they are for some unspecified host (based on how the configured credential helper handles an absent "host" parameter).

The attack has been made impossible by refusing to work with under-specified credential patterns.

¹ https://www.kernel.org/pub/software/scm/git/docs/RelNotes/2.17.5.txt
SHA512 (git-2.25.4.tar.xz) = ca2ecc561d06dbb393fe47d445f0d69423d114766d9bcc125ef1d6d37e350ad903c456540cea420c1a51635b750cde3901e4196f29ce95b315fda11270173450
SHA512 (git-2.25.4.tar.sign) = 069a20b8711a4b46aebc49a5237982bc205581c81256edc9b142ca067354faaa7eb12f873e8ca0001cc647db12724ddc968167e66cdbf9fca6093ea596484410
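Review bot: The two sources entries record checksums for git-2.25.4.tar.xz and git-2.25.4.tar.sign, but the commit message cites the 2.17.5 release notes and gives no CVE identifier for the issue this update fixes; CVE-2020-5260 is named only as the earlier, different vulnerability. Consider referencing the release notes for the version actually packaged here and naming the CVE addressed, so the changelog entry can be matched to the tarball whose hash is pinned.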