diff options
| author | Vincent Ambo <mail@tazj.in> | 2020-11-21T18·20+0100 |
|---|---|---|
| committer | Vincent Ambo <mail@tazj.in> | 2020-11-21T18·45+0100 |
| commit | f4609b896fac842433bd495c166d5987852a6a73 (patch) | |
| tree | 95511c465c54c4f5d27e5d39ce187e2a1dd82bd3 /third_party/git/Documentation/RelNotes/2.17.4.txt | |
| parent | 082c006c04343a78d87b6c6ab3608c25d6213c3f (diff) | |
merge(3p/git): Merge git subtree at v2.29.2 r/1890
This also bumps the stable nixpkgs to 20.09 as of 2020-11-21, because there is some breakage in the git build related to the netrc credentials helper which someone has taken care of in nixpkgs. The stable channel is not used for anything other than git, so this should be fine. Change-Id: I3575a19dab09e1e9556cf8231d717de9890484fb
Diffstat (limited to 'third_party/git/Documentation/RelNotes/2.17.4.txt')
| -rw-r--r-- | third_party/git/Documentation/RelNotes/2.17.4.txt | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/third_party/git/Documentation/RelNotes/2.17.4.txt b/third_party/git/Documentation/RelNotes/2.17.4.txt new file mode 100644 index 0000000000..7d794ca01a --- /dev/null +++ b/third_party/git/Documentation/RelNotes/2.17.4.txt @@ -0,0 +1,16 @@ +Git v2.17.4 Release Notes +========================= + +This release is to address the security issue: CVE-2020-5260 + +Fixes since v2.17.3 +------------------- + + * With a crafted URL that contains a newline in it, the credential + helper machinery can be fooled to give credential information for + a wrong host. The attack has been made impossible by forbidding + a newline character in any value passed via the credential + protocol. + +Credit for finding the vulnerability goes to Felix Wilhelm of Google +Project Zero. |