NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
8dbb329307
kumquat-buildroot/package/git/git.hash
Peter Korsgaard 0c226c4a11 package/git: security bump to version 2.24.3 
Fixes the following security issues:

 * (2.24.2) With a crafted URL that contains a newline in it, the credential
   helper machinery can be fooled to give credential information for a wrong
   host.  The attack has been made impossible by forbidding a newline
   character in any value passed via the credential protocol.

 * (2.24.3) With a crafted URL that contains a newline or empty host, or
   lacks a scheme, the credential helper machinery can be fooled into
   providing credential information that is not appropriate for the protocol
   in use and host being contacted.

   Unlike the vulnerability CVE-2020-5260 fixed in v2.17.4, the
   credentials are not for a host of the attacker's choosing; instead,
   they are for some unspecified host (based on how the configured
   credential helper handles an absent "host" parameter).

   The attack has been made impossible by refusing to work with
   under-specified credential patterns.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-05-25 21:56:57 +02:00

5 lines
321 B
Plaintext
Raw Blame History

# From: https://www.kernel.org/pub/software/scm/git/sha256sums.asc
sha256 da8c594c21ef965cdff427f27a7a384833d96d4d67f3a13915b498009646ef29 git-2.24.3.tar.xz
sha256 5b2198d1645f767585e8a88ac0499b04472164c0d2da22e75ecf97ef443ab32e COPYING
sha256 1922f45d2c49e390032c9c0ba6d7cac904087f7cec51af30c2b2ad022ce0e76a LGPL-2.1
Reference in New Issue View Git Blame Copy Permalink