FreeBSD Bugzilla – Attachment 213686 Details for Bug 245822: security/vuxml CVE-2020-11008
[patch] add CVE-2020-11008 to vuxml
cve-2020-11008.diff (text/plain), 2.85 KB, created by rob2g2 on 2020-04-22 13:12:26 UTC
>--- vuln2.xml Wed Apr 22 15:07:39 2020 >+++ vuln.xml Wed Apr 22 15:08:54 2020 
>@@ -60,0 +61,66 @@ >+ <vuln vid="67765237-8470-11ea-a283-b42e99a1b9c3"> >+ <topic>malicious URLs can cause git to send a stored credential to wrong server</topic> >+ <affects> >+ <package> >+ <name>git</name> >+ <range><ge>2.26.0</ge><lt>2.26.2</lt></range> >+ <range><ge>2.25.0</ge><lt>2.25.4</lt></range> >+ <range><ge>2.24.0</ge><lt>2.24.3</lt></range> >+ <range><ge>2.23.0</ge><lt>2.23.3</lt></range> >+ <range><ge>2.22.0</ge><lt>2.22.4</lt></range> >+ <range><ge>2.21.0</ge><lt>2.21.3</lt></range> >+ <range><ge>2.20.0</ge><lt>2.20.4</lt></range> >+ <range><ge>2.19.0</ge><lt>2.19.5</lt></range> >+ <range><ge>2.18.0</ge><lt>2.18.4</lt></range> >+ <range><ge>0</ge><lt>2.17.5</lt></range> >+ </package> >+ <package> >+ <name>git-lite</name> >+ <range><ge>2.26.0</ge><lt>2.26.2</lt></range> >+ <range><ge>2.25.0</ge><lt>2.25.4</lt></range> >+ <range><ge>2.24.0</ge><lt>2.24.3</lt></range> >+ <range><ge>2.23.0</ge><lt>2.23.3</lt></range> >+ <range><ge>2.22.0</ge><lt>2.22.4</lt></range> >+ <range><ge>2.21.0</ge><lt>2.21.3</lt></range> >+ <range><ge>2.20.0</ge><lt>2.20.4</lt></range> >+ <range><ge>2.19.0</ge><lt>2.19.5</lt></range> >+ <range><ge>2.18.0</ge><lt>2.18.4</lt></range> >+ <range><ge>0</ge><lt>2.17.5</lt></range> >+ </package> >+ <package> >+ <name>git-gui</name> >+ <range><ge>2.26.0</ge><lt>2.26.2</lt></range> >+ <range><ge>2.25.0</ge><lt>2.25.4</lt></range> >+ <range><ge>2.24.0</ge><lt>2.24.3</lt></range> >+ <range><ge>2.23.0</ge><lt>2.23.3</lt></range> >+ <range><ge>2.22.0</ge><lt>2.22.4</lt></range> >+ <range><ge>2.21.0</ge><lt>2.21.3</lt></range> >+ <range><ge>2.20.0</ge><lt>2.20.4</lt></range> >+ <range><ge>2.19.0</ge><lt>2.19.5</lt></range> >+ <range><ge>2.18.0</ge><lt>2.18.4</lt></range> >+ <range><ge>0</ge><lt>2.17.5</lt></range> >+ </package> >+ </affects> >+ <description> >+ <body xmlns="http://www.w3.org/1999/xhtml"> >+ <p>git security advisory reports:</p> >+ <blockquote cite="https://github.com/git/git/security/advisories/GHSA-hjc9-x69f-jqj7"> >+ 
<p>Git uses external "credential helper" programs to store and retrieve passwords or >+ other credentials from secure storage provided by the operating system. Specially-crafted >+ URLs that are considered illegal as of the recently published Git versions can cause Git >+ to send a "blank" pattern to helpers, missing hostname and protocol fields. Many helpers >+ will interpret this as matching any URL, and will return some unspecified stored password, >+ leaking the password to an attacker's server.</p> >+ </blockquote> >+ </body> >+ </description> >+ <references> >+ <url>https://github.com/git/git/security/advisories/GHSA-hjc9-x69f-jqj7</url> >+ <cvename>CVE-2020-11008</cvename> >+ </references> >+ <dates> >+ <discovery>2020-04-20</discovery> >+ <entry>2020-04-22</entry> >+ </dates> >+ </vuln> >+
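Review bot: the three <package> blocks for git, git-lite and git-gui repeat the same ten <range> lines verbatim, so a later correction to one list can silently miss the other two. A VuXML <package> accepts several <name> elements, so put all three names in one <package> followed by a single copy of the ranges. In the last range of each block, `<range><ge>0</ge><lt>2.17.5</lt></range>`, the `<ge>0</ge>` lower bound adds nothing and `<range><lt>2.17.5</lt></range>` matches the same versions. The <topic> text also starts directly with the summary; vuln.xml entries normally lead with the package name and " -- " (here "git -- ...") so the entry is identifiable in audit output.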