Slackware-14.1 ChangeLog (2020-04-14)
Tue Apr 14 22:26:11 UTC 2020
Packages
Upgraded
- patches/packages/git-2.17.4-i486-1_slack14.1.txz
This update fixes a security issue:
With a crafted URL that contains a newline in it, the credential helper
machinery can be fooled to give credential information for a wrong host.
The attack has been made impossible by forbidding a newline character in
any value passed via the credential protocol. Credit for finding the
vulnerability goes to Felix Wilhelm of Google Project Zero.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5260
(* Security fix *)