merge(3p/git): Merge git upstream at v2.26.2
This commit is contained in:
Vincent Ambo
commit
5229c9b232
1006 changed files with 149006 additions and 60819 deletions
16
third_party/git/Documentation/RelNotes/2.17.4.txt
vendored
Normal file
16
third_party/git/Documentation/RelNotes/2.17.4.txt
vendored
Normal file
|
|
@ -0,0 +1,16 @@
|
|||
Git v2.17.4 Release Notes
|
||||
=========================
|
||||
|
||||
This release is to address the security issue: CVE-2020-5260
|
||||
|
||||
Fixes since v2.17.3
|
||||
-------------------
|
||||
|
||||
* With a crafted URL that contains a newline in it, the credential
|
||||
helper machinery can be fooled to give credential information for
|
||||
a wrong host. The attack has been made impossible by forbidding
|
||||
a newline character in any value passed via the credential
|
||||
protocol.
|
||||
|
||||
Credit for finding the vulnerability goes to Felix Wilhelm of Google
|
||||
Project Zero.
|
||||
Loading…
Add table
Add a link
Reference in a new issue