Slackware-14.2 ChangeLog (2020-04-22)

Wed Apr 22 02:19:37 UTC 2020

  • patches/packages/git-2.17.5-i586-1_slack14.2.txz
    This update fixes a security issue:
    With a crafted URL that contains a newline or empty host, or lacks
    a scheme, the credential helper machinery can be fooled into
    providing credential information that is not appropriate for the
    protocol in use and host being contacted.
    Unlike the vulnerability CVE-2020-5260 fixed in v2.17.4, the
    credentials are not for a host of the attacker's choosing; instead,
    they are for some unspecified host (based on how the configured
    credential helper handles an absent “host” parameter).
    For more information, see:
    (* Security fix *)
  • news/2020/04/22/slackware-14.2-changelog.txt
  • Last modified: 3 years ago
  • by Giuseppe Di Terlizzi