Return to distinfo CVS log | Up to [cvs.NetBSD.org] / pkgsrc / devel / git-base |
File: [cvs.NetBSD.org] / pkgsrc / devel / git-base / distinfo (download)
Revision 1.100, Mon Apr 20 20:03:32 2020 UTC (3 years, 11 months ago) by leot
git: Update to 2.26.2 Changes: 2.26.2 ------ This release is to address the security issue: CVE-2020-11008 * With a crafted URL that contains a newline or empty host, or lacks a scheme, the credential helper machinery can be fooled into providing credential information that is not appropriate for the protocol in use and host being contacted. Unlike the vulnerability CVE-2020-5260 fixed in v2.17.4, the credentials are not for a host of the attacker's choosing; instead, they are for some unspecified host (based on how the configured credential helper handles an absent "host" parameter). The attack has been made impossible by refusing to work with under-specified credential patterns. Credit for finding the vulnerability goes to Carlo Arenas. |
$NetBSD: distinfo,v 1.100 2020/04/20 20:03:32 leot Exp $ SHA1 (git-2.26.2.tar.xz) = bdb5eb6c014d7c372be70782a5155d964abe2c08 RMD160 (git-2.26.2.tar.xz) = d73cfb9020e0a346c954d607b5301e2dd0d9b818 SHA512 (git-2.26.2.tar.xz) = 5d92d07b171c5cd6e89a29c1211c73c1c900cd51c74d690aebfb4a3d0e93b541b09b42b6d6a1a82f5c3d953096771f9a8605c63be139f559f58698c1a0eabcfc Size (git-2.26.2.tar.xz) = 6007864 bytes SHA1 (patch-Documentation_Makefile) = 6025adac0fbb4b403f3954e6dac9d690dfb22daa SHA1 (patch-Makefile) = 73741b9d9a1b32bb47db48a7c546c4ff10fb41d6 SHA1 (patch-builtin_receive-pack.c) = 271df08d874a11b41f33aade64352040bc028fa2 SHA1 (patch-config.mak.uname) = 5316873147acf5b6ef29e426946280bb6441c886 SHA1 (patch-git-gui_Makefile) = d00f4da74a437f3a58f0926f2407c974a8efc2c7 SHA1 (patch-gitk-git_Makefile) = e5d2112d158fe493a89b244a10d2e4b998a23d98 SHA1 (patch-templates_Makefile) = 4f0b9a5745203ea7ef369c8272b3ea7c644762f0