FreeBSD Bugzilla – Attachment 213685 Details for Bug 245821: security/vuxml CVE-2020-5260
[patch] patch to include CVE-2020-5260 in vuxml
cve-2020-5260.diff (text/plain), 2.81 KB, created by rob2g2 on 2020-04-22 13:06:56 UTC
>--- vuln2.xml Wed Apr 22 15:03:52 2020 >+++ vuln.xml Wed Apr 22 15:02:39 2020 
>@@ -60,0 +61,67 @@ >+ <vuln vid="ced2d47e-8469-11ea-a283-b42e99a1b9c3"> >+ <topic>malicious URLs may present credentials to wrong server</topic> >+ <affects> >+ <package> >+ <name>git</name> >+ <range><ge>2.26.0</ge><lt>2.26.1</lt></range> >+ <range><ge>2.25.0</ge><lt>2.25.3</lt></range> >+ <range><ge>2.24.0</ge><lt>2.24.2</lt></range> >+ <range><ge>2.23.0</ge><lt>2.23.2</lt></range> >+ <range><ge>2.22.0</ge><lt>2.22.3</lt></range> >+ <range><ge>2.21.0</ge><lt>2.21.2</lt></range> >+ <range><ge>2.20.0</ge><lt>2.20.3</lt></range> >+ <range><ge>2.19.0</ge><lt>2.19.4</lt></range> >+ <range><ge>2.18.0</ge><lt>2.18.3</lt></range> >+ <range><ge>0</ge><lt>2.17.4</lt></range> >+ </package> >+ <package> >+ <name>git-lite</name> >+ <range><ge>2.26.0</ge><lt>2.26.1</lt></range> >+ <range><ge>2.25.0</ge><lt>2.25.3</lt></range> >+ <range><ge>2.24.0</ge><lt>2.24.2</lt></range> >+ <range><ge>2.23.0</ge><lt>2.23.2</lt></range> >+ <range><ge>2.22.0</ge><lt>2.22.3</lt></range> >+ <range><ge>2.21.0</ge><lt>2.21.2</lt></range> >+ <range><ge>2.20.0</ge><lt>2.20.3</lt></range> >+ <range><ge>2.19.0</ge><lt>2.19.4</lt></range> >+ <range><ge>2.18.0</ge><lt>2.18.3</lt></range> >+ <range><ge>0</ge><lt>2.17.4</lt></range> >+ </package> >+ <package> >+ <name>git-gui</name> >+ <range><ge>2.26.0</ge><lt>2.26.1</lt></range> >+ <range><ge>2.25.0</ge><lt>2.25.3</lt></range> >+ <range><ge>2.24.0</ge><lt>2.24.2</lt></range> >+ <range><ge>2.23.0</ge><lt>2.23.2</lt></range> >+ <range><ge>2.22.0</ge><lt>2.22.3</lt></range> >+ <range><ge>2.21.0</ge><lt>2.21.2</lt></range> >+ <range><ge>2.20.0</ge><lt>2.20.3</lt></range> >+ <range><ge>2.19.0</ge><lt>2.19.4</lt></range> >+ <range><ge>2.18.0</ge><lt>2.18.3</lt></range> >+ <range><ge>0</ge><lt>2.17.4</lt></range> >+ </package> >+ </affects> >+ <description> >+ <body xmlns="http://www.w3.org/1999/xhtml"> >+ <p>git security advisory reports:</p> >+ <blockquote cite="https://github.com/git/git/security/advisories/GHSA-qm7j-c969-7j4q"> >+ <p>Git uses external 
"credential helper" programs to store and retrieve passwords or >+ other credentials from secure storage provided by the operating system. >+ Specially-crafted URLs that contain an encoded newline can inject unintended values >+ into the credential helper protocol stream, causing the credential helper to retrieve >+ the password for one server for an HTTP request being made to another >+ server, resulting in credentials for the former being sent to the >+ latter.</p> >+ </blockquote> >+ </body> >+ </description> >+ <references> >+ <url>https://github.com/git/git/security/advisories/GHSA-qm7j-c969-7j4q</url> >+ <cvename>CVE-2020-5260</cvename> >+ </references> >+ <dates> >+ <discovery>2020-04-14</discovery> >+ <entry>2020-04-22</entry> >+ </dates> >+ </vuln> >+