stable

git-2.26.1-1.fc32

FEDORA-2020-c6548b488f created by tmz 4 years ago for Fedora 32

Security fix for CVE-2020-5260

From the upstream release notes:

With a crafted URL that contains a newline in it, the credential helper machinery can be fooled to give credential information for a wrong host. The attack has been made impossible by forbidding a newline character in any value passed via the credential protocol.

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2020-c6548b488f

This update has been submitted for testing by tmz.

4 years ago

This update's test gating status has been changed to 'waiting'.

4 years ago

This update's test gating status has been changed to 'ignored'.

4 years ago

tmz edited this update.

4 years ago

This update has been pushed to testing.

4 years ago
User Icon renault commented & provided feedback 4 years ago
karma

Works fine, no regressions found

User Icon salimma commented & provided feedback 4 years ago
karma

no regressions found

This update can be pushed to stable now if the maintainer wishes

4 years ago
User Icon sedrubal provided feedback 4 years ago
karma

This update has been submitted for stable by bodhi.

4 years ago
User Icon lfc provided feedback 4 years ago
karma
User Icon imabug provided feedback 4 years ago
karma
User Icon mhjacks commented & provided feedback 4 years ago
karma

Looks good to me

User Icon decathorpe commented & provided feedback 4 years ago
karma

Works great, no issues encountered.

This update has been pushed to stable.

4 years ago

Please login to add feedback.

Metadata
Type
security
Severity
high
Karma
7
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
3
Stable by Time
14 days
Dates
submitted
4 years ago
in testing
4 years ago
in stable
4 years ago
modified
4 years ago
BZ#1822020 CVE-2020-5260 git: Crafted URL containing new lines can cause credential leak
0
0
BZ#1824020 CVE-2020-5260 git: Crafted URL containing new lines can cause credential leak [fedora-all]
0
0

Automated Test Results