Log message:
Pullup ticket #6181 - requested by leot
devel/git-base: security fix

(via patch)

---
   git: Update to 2.25.4

   Changes:
   2.25.4
   ------
   This release is to address the security issue: CVE-2020-11008

    * With a crafted URL that contains a newline or empty host, or lacks
      a scheme, the credential helper machinery can be fooled into
      providing credential information that is not appropriate for the
      protocol in use and host being contacted.

      Unlike the vulnerability CVE-2020-5260 fixed in v2.17.4, the
      credentials are not for a host of the attacker's choosing; instead,
      they are for some unspecified host (based on how the configured
      credential helper handles an absent "host" parameter).

      The attack has been made impossible by refusing to work with
      under-specified credential patterns.

   Credit for finding the vulnerability goes to Carlo Arenas.