Subject: CVS commit: pkgsrc/devel
From: Leonardo Taccari
Date: 2020-04-14 20:27:31
Message id: 20200414182731.B4FD1FB27@cvs.NetBSD.org

Log Message:
git: Update to 2.26.1

Changes:
2.26.1
------
This release is to address the security issue: CVE-2020-5260

 * With a crafted URL that contains a newline in it, the credential
   helper machinery can be fooled to give credential information for
   a wrong host.  The attack has been made impossible by forbidding
   a newline character in any value passed via the credential
   protocol.

Credit for finding the vulnerability goes to Felix Wilhelm of Google
Project Zero.

Files:
RevisionActionfile
1.99modifypkgsrc/devel/git-base/distinfo
1.87modifypkgsrc/devel/git/Makefile.version