MGASA-2020-0175

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2020-0175.html

Import Source

https://advisories.mageia.org/MGASA-2020-0175.json

JSON Data

https://api.test.osv.dev/v1/vulns/MGASA-2020-0175

Related

CVE-2020-5260

Published

2020-04-16T23:01:23Z

Modified

2020-04-16T22:37:18Z

Summary

Updated git packages fix security vulnerability

Details

With a crafted URL that contains a newline in it, the credential helper machinery can be fooled to give credential information for a wrong host. The attack has been made impossible by forbidding a newline character in any value passed via the credential protocol (CVE-2020-5260).

References

https://advisories.mageia.org/MGASA-2020-0175.html
https://bugs.mageia.org/show_bug.cgi?id=26483
https://github.com/git/git/security/advisories/GHSA-qm7j-c969-7j4q

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

MGASA-2020-0175

Affected packages