MGASA-2020-0175

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2020-0175.html

Import Source

https://advisories.mageia.org/MGASA-2020-0175.json

JSON Data

https://api.test.osv.dev/v1/vulns/MGASA-2020-0175

Related

CVE-2020-5260

Published

2020-04-16T23:01:23Z

Modified

2020-04-16T22:37:18Z

Summary

Updated git packages fix security vulnerability

Details

With a crafted URL that contains a newline in it, the credential helper machinery can be fooled to give credential information for a wrong host. The attack has been made impossible by forbidding a newline character in any value passed via the credential protocol (CVE-2020-5260).

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:7 / git

Package

Name: git
Purl: pkg:rpm/mageia/git?distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.21.2-1.mga7

Ecosystem specific

{
    "section": "core"
}