package/git: security bump to version 2.24.3

mirror of https://github.com/godotengine/buildroot.git synced 2026-01-04 06:10:16 +03:00

Fixes the following security issues:

 * (2.24.2) With a crafted URL that contains a newline in it, the credential
   helper machinery can be fooled to give credential information for a wrong
   host.  The attack has been made impossible by forbidding a newline
   character in any value passed via the credential protocol.

 * (2.24.3) With a crafted URL that contains a newline or empty host, or
   lacks a scheme, the credential helper machinery can be fooled into
   providing credential information that is not appropriate for the protocol
   in use and host being contacted.

   Unlike the vulnerability CVE-2020-5260 fixed in v2.17.4, the
   credentials are not for a host of the attacker's choosing; instead,
   they are for some unspecified host (based on how the configured
   credential helper handles an absent "host" parameter).

   The attack has been made impossible by refusing to work with
   under-specified credential patterns.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

This commit is contained in:

Peter Korsgaard

2020-05-24 22:24:34 +02:00

parent e298a0a8b4

commit 0c226c4a11

2 changed files with 2 additions and 2 deletions

									
										2

package/git/git.mk
									
												View File
												
				@@ -4,7 +4,7 @@

				#

				################################################################################

				GIT_VERSION = 2.24.1

				GIT_VERSION = 2.24.3

				GIT_SOURCE = git-$(GIT_VERSION).tar.xz

				GIT_SITE = $(BR2_KERNEL_MIRROR)/software/scm/git

				GIT_LICENSE = GPL-2.0, LGPL-2.1+

package/git: security bump to version 2.24.3

2 package/git/git.mk Unescape Escape View File

2

package/git/git.mk

View File