changelog_14.2
Differences
This shows you the differences between two versions of the page.
| Both sides previous revisionPrevious revision | Next revisionBoth sides next revision | ||
| changelog_14.2 [2020/04/17 15:44] – [2020-04-15] connie | changelog_14.2 [2020/04/22 01:16] – [2020-04-17] connie | ||
|---|---|---|---|
| Line 2: | Line 2: | ||
| Slackware upstream ChangeLog entries are courtesy of Patrick Volkerding. | Slackware upstream ChangeLog entries are courtesy of Patrick Volkerding. | ||
| + | |||
| + | ==== 2020-04-21 ==== | ||
| + | |||
| + | **git-2.17.5**: | ||
| + | This update fixes a security issue: | ||
| + | With a crafted URL that contains a newline or empty host, or lacks | ||
| + | a scheme, the credential helper machinery can be fooled into | ||
| + | providing credential information that is not appropriate for the | ||
| + | protocol in use and host being contacted. | ||
| + | Unlike the vulnerability CVE-2020-5260 fixed in v2.17.4, the | ||
| + | credentials are not for a host of the attacker' | ||
| + | they are for some unspecified host (based on how the configured | ||
| + | credential helper handles an absent " | ||
| + | For more information, | ||
| + | * https:// | ||
| + | (**Security fix**) | ||
| ==== 2020-04-17 ==== | ==== 2020-04-17 ==== | ||
changelog_14.2.txt · Last modified: 2023/12/23 13:40 by connie