diff options
| author | Junio C Hamano <gitster@pobox.com> | 2020-03-17 18:12:01 -0700 |
|---|---|---|
| committer | Junio C Hamano <gitster@pobox.com> | 2020-03-17 18:12:01 -0700 |
| commit | 67b0a24910fbb23c8f5e7a2c61c339818bc68296 (patch) | |
| tree | cfb499c09dd5d0310006062e1e361c42d0045283 /Documentation/RelNotes/2.17.4.txt | |
| parent | 0822e66b5d49d0de1aa767b38785e42de05eaf40 (diff) | |
| parent | 506223f9c5c8956f895f0342e4a6d4244b5fa570 (diff) | |
| download | git-2.25.3.tar.xz | |
Git 2.25.3v2.25.3
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 'Documentation/RelNotes/2.17.4.txt')
| -rw-r--r-- | Documentation/RelNotes/2.17.4.txt | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/Documentation/RelNotes/2.17.4.txt b/Documentation/RelNotes/2.17.4.txt new file mode 100644 index 0000000000..7d794ca01a --- /dev/null +++ b/Documentation/RelNotes/2.17.4.txt @@ -0,0 +1,16 @@ +Git v2.17.4 Release Notes +========================= + +This release is to address the security issue: CVE-2020-5260 + +Fixes since v2.17.3 +------------------- + + * With a crafted URL that contains a newline in it, the credential + helper machinery can be fooled to give credential information for + a wrong host. The attack has been made impossible by forbidding + a newline character in any value passed via the credential + protocol. + +Credit for finding the vulnerability goes to Felix Wilhelm of Google +Project Zero. |