about summary refs log tree commit diff
path: root/third_party/git/Documentation/RelNotes/2.17.4.txt
blob: 7d794ca01af216b8e77564fe46ff743710a628a4 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
Git v2.17.4 Release Notes
=========================

This release is to address the security issue: CVE-2020-5260

Fixes since v2.17.3
-------------------

 * With a crafted URL that contains a newline in it, the credential
   helper machinery can be fooled to give credential information for
   a wrong host.  The attack has been made impossible by forbidding
   a newline character in any value passed via the credential
   protocol.

Credit for finding the vulnerability goes to Felix Wilhelm of Google
Project Zero.