| Errata ID | 667 |
|---|---|
| Date | 2020-04-22 |
| Source package | git |
| Fixed in version | 1:2.11.0-3+deb9u6 |
| Description | This update addresses the following issue: * With a crafted URL that contains a newline, the credential helper machinery can be fooled to supply credential information for the wrong host. The attack has been made impossible by forbidding a newline character in any value passed via the credential protocol. (CVE-2020-5260) |
| Additional notes | |
| CVE ID | CVE-2020-5260 |
| UCS Bug number | #51118 |
