pkgsrc/devel/git-base/distinfo - view

Return to distinfo CVS log

Up to [cvs.NetBSD.org] / pkgsrc / devel / git-base

File: [cvs.NetBSD.org] / pkgsrc / devel / git-base / distinfo (download)

Revision 1.100, Mon Apr 20 20:03:32 2020 UTC (3 years, 11 months ago) by leot
Branch: MAIN
Changes since 1.99: +5 -5 lines

git: Update to 2.26.2

Changes:
2.26.2
------
This release is to address the security issue: CVE-2020-11008

 * With a crafted URL that contains a newline or empty host, or lacks
   a scheme, the credential helper machinery can be fooled into
   providing credential information that is not appropriate for the
   protocol in use and host being contacted.

   Unlike the vulnerability CVE-2020-5260 fixed in v2.17.4, the
   credentials are not for a host of the attacker's choosing; instead,
   they are for some unspecified host (based on how the configured
   credential helper handles an absent "host" parameter).

   The attack has been made impossible by refusing to work with
   under-specified credential patterns.

Credit for finding the vulnerability goes to Carlo Arenas.

$NetBSD: distinfo,v 1.100 2020/04/20 20:03:32 leot Exp $

SHA1 (git-2.26.2.tar.xz) = bdb5eb6c014d7c372be70782a5155d964abe2c08
RMD160 (git-2.26.2.tar.xz) = d73cfb9020e0a346c954d607b5301e2dd0d9b818
SHA512 (git-2.26.2.tar.xz) = 5d92d07b171c5cd6e89a29c1211c73c1c900cd51c74d690aebfb4a3d0e93b541b09b42b6d6a1a82f5c3d953096771f9a8605c63be139f559f58698c1a0eabcfc
Size (git-2.26.2.tar.xz) = 6007864 bytes
SHA1 (patch-Documentation_Makefile) = 6025adac0fbb4b403f3954e6dac9d690dfb22daa
SHA1 (patch-Makefile) = 73741b9d9a1b32bb47db48a7c546c4ff10fb41d6
SHA1 (patch-builtin_receive-pack.c) = 271df08d874a11b41f33aade64352040bc028fa2
SHA1 (patch-config.mak.uname) = 5316873147acf5b6ef29e426946280bb6441c886
SHA1 (patch-git-gui_Makefile) = d00f4da74a437f3a58f0926f2407c974a8efc2c7
SHA1 (patch-gitk-git_Makefile) = e5d2112d158fe493a89b244a10d2e4b998a23d98
SHA1 (patch-templates_Makefile) = 4f0b9a5745203ea7ef369c8272b3ea7c644762f0