diff options
author | Vincent Ambo <tazjin@google.com> | 2020-05-25T23·06+0100 |
---|---|---|
committer | Vincent Ambo <tazjin@google.com> | 2020-05-25T23·06+0100 |
commit | 93ba78d6f4632ef1c5228965e3edc8c0faf88c1e (patch) | |
tree | 85730c182a9f5f492ade8e8ccdb1c2356f9900bd /third_party/git/Documentation/RelNotes/2.17.5.txt | |
parent | 6f8fbf4aa4b1654ab27d4829e114538761817de0 (diff) |
revert(3p/git): Revert merge of git upstream at v2.26.2 r/852
This causes cgit to serve error pages, which is undesirable. This reverts commit 5229c9b232de5bfa959ad6ebbb4c8192ac513352, reversing changes made to f2b211131f2347342dde63975b09cf603149f1a3.
Diffstat (limited to 'third_party/git/Documentation/RelNotes/2.17.5.txt')
-rw-r--r-- | third_party/git/Documentation/RelNotes/2.17.5.txt | 22 |
1 files changed, 0 insertions, 22 deletions
diff --git a/third_party/git/Documentation/RelNotes/2.17.5.txt b/third_party/git/Documentation/RelNotes/2.17.5.txt deleted file mode 100644 index 2abb821a7397..000000000000 --- a/third_party/git/Documentation/RelNotes/2.17.5.txt +++ /dev/null @@ -1,22 +0,0 @@ -Git v2.17.5 Release Notes -========================= - -This release is to address a security issue: CVE-2020-11008 - -Fixes since v2.17.4 -------------------- - - * With a crafted URL that contains a newline or empty host, or lacks - a scheme, the credential helper machinery can be fooled into - providing credential information that is not appropriate for the - protocol in use and host being contacted. - - Unlike the vulnerability CVE-2020-5260 fixed in v2.17.4, the - credentials are not for a host of the attacker's choosing; instead, - they are for some unspecified host (based on how the configured - credential helper handles an absent "host" parameter). - - The attack has been made impossible by refusing to work with - under-specified credential patterns. - -Credit for finding the vulnerability goes to Carlo Arenas. |