Cauldron is fixed with 2.26.1 uploaded Fixes securty issue CVE-2020-5260: With a crafted URL that contains a newline in it, the credential helper machinery can be fooled to give credential information for a wrong host. The attack has been made impossible by forbidding a newline character in any value passed via the credential protocol. SRPM: git-2.21.2-1.mga7.src.rpm i586: git-2.21.2-1.mga7.i586.rpm git-arch-2.21.2-1.mga7.i586.rpm git-core-2.21.2-1.mga7.i586.rpm git-core-oldies-2.21.2-1.mga7.i586.rpm git-cvs-2.21.2-1.mga7.i586.rpm git-email-2.21.2-1.mga7.i586.rpm gitk-2.21.2-1.mga7.i586.rpm git-prompt-2.21.2-1.mga7.i586.rpm git-subtree-2.21.2-1.mga7.i586.rpm git-svn-2.21.2-1.mga7.i586.rpm gitweb-2.21.2-1.mga7.i586.rpm libgit-devel-2.21.2-1.mga7.i586.rpm perl-Git-2.21.2-1.mga7.i586.rpm perl-Git-SVN-2.21.2-1.mga7.i586.rpm x86_64: git-2.21.2-1.mga7.x86_64.rpm git-arch-2.21.2-1.mga7.x86_64.rpm git-core-2.21.2-1.mga7.x86_64.rpm git-core-oldies-2.21.2-1.mga7.x86_64.rpm git-cvs-2.21.2-1.mga7.x86_64.rpm git-email-2.21.2-1.mga7.x86_64.rpm gitk-2.21.2-1.mga7.x86_64.rpm git-prompt-2.21.2-1.mga7.x86_64.rpm git-subtree-2.21.2-1.mga7.x86_64.rpm git-svn-2.21.2-1.mga7.x86_64.rpm gitweb-2.21.2-1.mga7.x86_64.rpm lib64git-devel-2.21.2-1.mga7.x86_64.rpm perl-Git-2.21.2-1.mga7.x86_64.rpm perl-Git-SVN-2.21.2-1.mga7.x86_64.rpm
Keywords: (none) => advisory
Summary: Update request: git-2.21.2-1.mga7 => Update request: git-2.21.2-1.mga7 (fixes CVE-2020-5260)
Upstream advisory: https://github.com/git/git/security/advisories/GHSA-qm7j-c969-7j4q
MGA7-64 Plasma on Lenovo B50 No installation issues. Ref bug 22067 Comment 6 for some little test. $ git init Initialized empty Git repository in /home/tester7/.git/ [tester7@mach5 ~ (master)]$ git config --global user.name "tester7" [tester7@mach5 ~ (master)]$ git config --global user.email "herman.viaene@hotmail.be" [tester7@mach5 ~ (master)]$ git add ~/Documents/okra/zwe zwemmen2.ods zwemmen.ods zwemmen.xls zwemmen.xlsx [tester7@mach5 ~ (master)]$ git add ~/Documents/okra/zwemmen.ods Looks all OK. Checked that in the past only one person has doen real tests on a live system: PC LX. Leaving the OK for the expert.
CC: (none) => herman.viaene
works here on 2 systems, and has been running on Mageia infra since it was built...
Whiteboard: (none) => MGA7-64-OK
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2020-0175.html
Status: NEW => RESOLVEDResolution: (none) => FIXED
RedHat has issued an advisory for this on April 21: https://access.redhat.com/errata/RHSA-2020:1511