-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4659-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
April 20, 2020                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : git
CVE ID         : CVE-2020-11008

Carlo Arenas discovered a flaw in git, a fast, scalable, distributed
revision control system. With a crafted URL that contains a newline or
empty host, or lacks a scheme, the credential helper machinery can be
fooled into providing credential information that is not appropriate for
the protocol in use and host being contacted.

For the oldstable distribution (stretch), this problem has been fixed
in version 1:2.11.0-3+deb9u7.

For the stable distribution (buster), this problem has been fixed in
version 1:2.20.1-2+deb10u3.

We recommend that you upgrade your git packages.

For the detailed security status of git please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/git

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl6d7tFfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0SWfxAAmm57geTYPqOuogi3cUu0XG9Av/FG0EUZBQxF3xPv0g6vaouKs88+XYl2
29fO94OE+HGNvln4eetIOEvcx4Tzl68snoqinz3mUbndugd5MyEz5ckvjfzZdZri
e00bT9D3+ssG3nRDArG2wlduR2QFgjWyrpu4BrCsMEhFV/FQzAGRPdc844PljF1g
hdlUFZULSAPpJla3C7+sWXzpAmSaHwCms2p3jDjLPj2pI6xfg0SzjFCHRd2VYfS3
3mbeqFmBW6ei4hZj8scNY2KLRgW6DHDTU/Aeibues7e0sRwm34qDRwmC+UsHkMQe
nhi3piXECgjE4CiI42OfI/UzOUdM4ANrdSyvlF/XjENdsmNYXfwus3D7JeADfkaa
a0/13eCoVL8WOkwzYa5k/jWSHMPJErku/YEL2OCn9bSLRJ605CLOdB0PwLxkqZ7h
liwjQD0J+o/jyfR43HqPqkR8xFgYoW8W/9cN9GermTO5avi1E/l8zNNhsvdowXVE
8R2KtlGcmGNcjammEoDYcwRkPMLn6OlQbkIB7Pm9D4vn5EAju72wScjNi+iZCdih
AdGydDR8hk6fEva8wiPp5IT2BELp0iP3zb57gnBHVzn1Z7YDsOeskkvgKqsjNpj7
Hy7lATeUyuDr0N6v3ig3ziZDlFI3HvVUUxXNUu0N9JT1aVPWJNo=
=hHX1
-----END PGP SIGNATURE-----