This is an old revision of the document!
Slackware64-14.0 ChangeLog (2020-04-22)
Wed Apr 22 02:19:37 UTC 2020
Packages
Upgraded
- patches/packages/git-2.17.5-x86_64-1_slack14.0.txz
This update fixes a security issue:
With a crafted URL that contains a newline or empty host, or lacks
a scheme, the credential helper machinery can be fooled into
providing credential information that is not appropriate for the
protocol in use and host being contacted.
Unlike the vulnerability CVE-2020-5260 fixed in v2.17.4, the
credentials are not for a host of the attacker's choosing; instead,
they are for some unspecified host (based on how the configured
credential helper handles an absent “host” parameter).
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11008
(* Security fix *)