diff options
Diffstat (limited to 'third_party/git/Documentation/RelNotes/2.17.5.txt')
| -rw-r--r-- | third_party/git/Documentation/RelNotes/2.17.5.txt | 22 |
1 files changed, 0 insertions, 22 deletions
diff --git a/third_party/git/Documentation/RelNotes/2.17.5.txt b/third_party/git/Documentation/RelNotes/2.17.5.txt deleted file mode 100644 index 2abb821a73..0000000000 --- a/third_party/git/Documentation/RelNotes/2.17.5.txt +++ /dev/null @@ -1,22 +0,0 @@ -Git v2.17.5 Release Notes -========================= - -This release is to address a security issue: CVE-2020-11008 - -Fixes since v2.17.4 -------------------- - - * With a crafted URL that contains a newline or empty host, or lacks - a scheme, the credential helper machinery can be fooled into - providing credential information that is not appropriate for the - protocol in use and host being contacted. - - Unlike the vulnerability CVE-2020-5260 fixed in v2.17.4, the - credentials are not for a host of the attacker's choosing; instead, - they are for some unspecified host (based on how the configured - credential helper handles an absent "host" parameter). - - The attack has been made impossible by refusing to work with - under-specified credential patterns. - -Credit for finding the vulnerability goes to Carlo Arenas. |