Documentation/RelNotes/2.17.4.txt - git - Git at Google

 Git v2.17.4 Release Notes
 =========================

 This release is to address the security issue: CVE-2020-5260

 Fixes since v2.17.3
 -------------------

  * With a crafted URL that contains a newline in it, the credential
    helper machinery can be fooled to give credential information for
    a wrong host.  The attack has been made impossible by forbidding
    a newline character in any value passed via the credential
    protocol.

 Credit for finding the vulnerability goes to Felix Wilhelm of Google
 Project Zero.
	Git v2.17.4 Release Notes
	=========================

	This release is to address the security issue: CVE-2020-5260

	Fixes since v2.17.3
	-------------------

	* With a crafted URL that contains a newline in it, the credential
	helper machinery can be fooled to give credential information for
	a wrong host. The attack has been made impossible by forbidding
	a newline character in any value passed via the credential
	protocol.

	Credit for finding the vulnerability goes to Felix Wilhelm of Google
	Project Zero.