FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

nothing found there

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
ced2d47e-8469-11ea-a283-b42e99a1b9c3	malicious URLs may present credentials to wrong server git security advisory reports: Git uses external "credential helper" programs to store and retrieve passwords or other credentials from secure storage provided by the operating system. Specially-crafted URLs that contain an encoded newline can inject unintended values into the credential helper protocol stream, causing the credential helper to retrieve the password for one server for an HTTP request being made to another server, resulting in credentials for the former being sent to the latter. Discovery 2020-04-14 Entry 2020-04-22 git ge 2.26.0 lt 2.26.1 ge 2.25.0 lt 2.25.3 ge 2.24.0 lt 2.24.2 ge 2.23.0 lt 2.23.2 ge 2.22.0 lt 2.22.3 ge 2.21.0 lt 2.21.2 ge 2.20.0 lt 2.20.3 ge 2.19.0 lt 2.19.4 ge 2.18.0 lt 2.18.3 ge 0 lt 2.17.4 git-lite ge 2.26.0 lt 2.26.1 ge 2.25.0 lt 2.25.3 ge 2.24.0 lt 2.24.2 ge 2.23.0 lt 2.23.2 ge 2.22.0 lt 2.22.3 ge 2.21.0 lt 2.21.2 ge 2.20.0 lt 2.20.3 ge 2.19.0 lt 2.19.4 ge 2.18.0 lt 2.18.3 ge 0 lt 2.17.4 git-gui ge 2.26.0 lt 2.26.1 ge 2.25.0 lt 2.25.3 ge 2.24.0 lt 2.24.2 ge 2.23.0 lt 2.23.2 ge 2.22.0 lt 2.22.3 ge 2.21.0 lt 2.21.2 ge 2.20.0 lt 2.20.3 ge 2.19.0 lt 2.19.4 ge 2.18.0 lt 2.18.3 ge 0 lt 2.17.4 https://github.com/git/git/security/advisories/GHSA-qm7j-c969-7j4q CVE-2020-5260
67765237-8470-11ea-a283-b42e99a1b9c3	malicious URLs can cause git to send a stored credential to wrong server git security advisory reports: Git uses external "credential helper" programs to store and retrieve passwords or other credentials from secure storage provided by the operating system. Specially-crafted URLs that are considered illegal as of the recently published Git versions can cause Git to send a "blank" pattern to helpers, missing hostname and protocol fields. Many helpers will interpret this as matching any URL, and will return some unspecified stored password, leaking the password to an attacker's server. Discovery 2020-04-20 Entry 2020-04-22 git ge 2.26.0 lt 2.26.2 ge 2.25.0 lt 2.25.4 ge 2.24.0 lt 2.24.3 ge 2.23.0 lt 2.23.3 ge 2.22.0 lt 2.22.4 ge 2.21.0 lt 2.21.3 ge 2.20.0 lt 2.20.4 ge 2.19.0 lt 2.19.5 ge 2.18.0 lt 2.18.4 ge 0 lt 2.17.5 git-lite ge 2.26.0 lt 2.26.2 ge 2.25.0 lt 2.25.4 ge 2.24.0 lt 2.24.3 ge 2.23.0 lt 2.23.3 ge 2.22.0 lt 2.22.4 ge 2.21.0 lt 2.21.3 ge 2.20.0 lt 2.20.4 ge 2.19.0 lt 2.19.5 ge 2.18.0 lt 2.18.4 ge 0 lt 2.17.5 git-gui ge 2.26.0 lt 2.26.2 ge 2.25.0 lt 2.25.4 ge 2.24.0 lt 2.24.3 ge 2.23.0 lt 2.23.3 ge 2.22.0 lt 2.22.4 ge 2.21.0 lt 2.21.3 ge 2.20.0 lt 2.20.4 ge 2.19.0 lt 2.19.5 ge 2.18.0 lt 2.18.4 ge 0 lt 2.17.5 https://github.com/git/git/security/advisories/GHSA-hjc9-x69f-jqj7 CVE-2020-11008

VuXML ID

Description

ced2d47e-8469-11ea-a283-b42e99a1b9c3

malicious URLs may present credentials to wrong server

git security advisory reports:

Git uses external "credential helper" programs to store and retrieve passwords or other credentials from secure storage provided by the operating system. Specially-crafted URLs that contain an encoded newline can inject unintended values into the credential helper protocol stream, causing the credential helper to retrieve the password for one server for an HTTP request being made to another server, resulting in credentials for the former being sent to the latter.

Discovery 2020-04-14
Entry 2020-04-22
git

ge 2.26.0 lt 2.26.1

ge 2.25.0 lt 2.25.3

ge 2.24.0 lt 2.24.2

ge 2.23.0 lt 2.23.2

ge 2.22.0 lt 2.22.3

ge 2.21.0 lt 2.21.2

ge 2.20.0 lt 2.20.3

ge 2.19.0 lt 2.19.4

ge 2.18.0 lt 2.18.3

ge 0 lt 2.17.4

git-lite

ge 2.26.0 lt 2.26.1

ge 2.25.0 lt 2.25.3

ge 2.24.0 lt 2.24.2

ge 2.23.0 lt 2.23.2

ge 2.22.0 lt 2.22.3

ge 2.21.0 lt 2.21.2

ge 2.20.0 lt 2.20.3

ge 2.19.0 lt 2.19.4

ge 2.18.0 lt 2.18.3

ge 0 lt 2.17.4

git-gui

ge 2.26.0 lt 2.26.1

ge 2.25.0 lt 2.25.3

ge 2.24.0 lt 2.24.2

ge 2.23.0 lt 2.23.2

ge 2.22.0 lt 2.22.3

ge 2.21.0 lt 2.21.2

ge 2.20.0 lt 2.20.3

ge 2.19.0 lt 2.19.4

ge 2.18.0 lt 2.18.3

ge 0 lt 2.17.4

https://github.com/git/git/security/advisories/GHSA-qm7j-c969-7j4q
CVE-2020-5260

67765237-8470-11ea-a283-b42e99a1b9c3

malicious URLs can cause git to send a stored credential to wrong server

git security advisory reports:

Git uses external "credential helper" programs to store and retrieve passwords or other credentials from secure storage provided by the operating system. Specially-crafted URLs that are considered illegal as of the recently published Git versions can cause Git to send a "blank" pattern to helpers, missing hostname and protocol fields. Many helpers will interpret this as matching any URL, and will return some unspecified stored password, leaking the password to an attacker's server.

Discovery 2020-04-20
Entry 2020-04-22
git

ge 2.26.0 lt 2.26.2

ge 2.25.0 lt 2.25.4

ge 2.24.0 lt 2.24.3

ge 2.23.0 lt 2.23.3

ge 2.22.0 lt 2.22.4

ge 2.21.0 lt 2.21.3

ge 2.20.0 lt 2.20.4

ge 2.19.0 lt 2.19.5

ge 2.18.0 lt 2.18.4

ge 0 lt 2.17.5

git-lite

ge 2.26.0 lt 2.26.2

ge 2.25.0 lt 2.25.4

ge 2.24.0 lt 2.24.3

ge 2.23.0 lt 2.23.3

ge 2.22.0 lt 2.22.4

ge 2.21.0 lt 2.21.3

ge 2.20.0 lt 2.20.4

ge 2.19.0 lt 2.19.5

ge 2.18.0 lt 2.18.4

ge 0 lt 2.17.5

git-gui

ge 2.26.0 lt 2.26.2

ge 2.25.0 lt 2.25.4

ge 2.24.0 lt 2.24.3

ge 2.23.0 lt 2.23.3

ge 2.22.0 lt 2.22.4

ge 2.21.0 lt 2.21.3

ge 2.20.0 lt 2.20.4

ge 2.19.0 lt 2.19.5

ge 2.18.0 lt 2.18.4

ge 0 lt 2.17.5

https://github.com/git/git/security/advisories/GHSA-hjc9-x69f-jqj7
CVE-2020-11008