diff options
| author | Junio C Hamano <gitster@pobox.com> | 2020-03-17 21:23:48 +0100 |
|---|---|---|
| committer | Junio C Hamano <gitster@pobox.com> | 2020-03-17 21:25:33 +0100 |
| commit | c42c0f12972194564f039dcf580d89ca14ae72d6 (patch) | |
| tree | 5e958ae4191ade220c544b7c4528a92db829bf89 | |
| parent | fsck: detect gitmodules URLs with embedded newlines (diff) | |
| download | git-c42c0f12972194564f039dcf580d89ca14ae72d6.tar.xz git-c42c0f12972194564f039dcf580d89ca14ae72d6.zip | |
Git 2.17.4v2.17.4
Signed-off-by: Junio C Hamano <gitster@pobox.com>
| -rw-r--r-- | Documentation/RelNotes/2.17.4.txt | 16 | ||||
| -rwxr-xr-x | GIT-VERSION-GEN | 2 | ||||
| l--------- | RelNotes | 2 |
3 files changed, 18 insertions, 2 deletions
diff --git a/Documentation/RelNotes/2.17.4.txt b/Documentation/RelNotes/2.17.4.txt new file mode 100644 index 0000000000..7d794ca01a --- /dev/null +++ b/Documentation/RelNotes/2.17.4.txt @@ -0,0 +1,16 @@ +Git v2.17.4 Release Notes +========================= + +This release is to address the security issue: CVE-2020-5260 + +Fixes since v2.17.3 +------------------- + + * With a crafted URL that contains a newline in it, the credential + helper machinery can be fooled to give credential information for + a wrong host. The attack has been made impossible by forbidding + a newline character in any value passed via the credential + protocol. + +Credit for finding the vulnerability goes to Felix Wilhelm of Google +Project Zero. diff --git a/GIT-VERSION-GEN b/GIT-VERSION-GEN index bd6cd16e3d..cdb21b3311 100755 --- a/GIT-VERSION-GEN +++ b/GIT-VERSION-GEN @@ -1,7 +1,7 @@ #!/bin/sh GVF=GIT-VERSION-FILE -DEF_VER=v2.17.3 +DEF_VER=v2.17.4 LF=' ' @@ -1 +1 @@ -Documentation/RelNotes/2.17.3.txt
\ No newline at end of file +Documentation/RelNotes/2.17.4.txt
\ No newline at end of file |