MGASA-2020-0175 - Updated git packages fix security vulnerability

Publication date: 16 Apr 2020
URL: https://advisories.mageia.org/MGASA-2020-0175.html
Type: security
Affected Mageia releases: 7
CVE: CVE-2020-5260

With a crafted URL that contains a newline in it, the credential helper
machinery can be fooled to give credential information for a wrong host.
The attack has been made impossible by forbidding a newline character in
any value passed via the credential protocol (CVE-2020-5260).

References:
- https://bugs.mageia.org/show_bug.cgi?id=26483
- https://github.com/git/git/security/advisories/GHSA-qm7j-c969-7j4q
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5260

SRPMS:
- 7/core/git-2.21.2-1.mga7