---
- branch: MAIN
  date: Tue Apr 14 18:27:31 UTC 2020
  files:
  - new: '1.87'
    old: '1.86'
    path: pkgsrc/devel/git/Makefile.version
    pathrev: pkgsrc/devel/git/Makefile.version@1.87
    type: modified
  - new: '1.99'
    old: '1.98'
    path: pkgsrc/devel/git-base/distinfo
    pathrev: pkgsrc/devel/git-base/distinfo@1.99
    type: modified
  id: 20200414T182731Z.665aaced6b0c0922e1bf3194df340c0d7c0fe405
  log: |
    git: Update to 2.26.1

    Changes:
    2.26.1
    ------
    This release is to address the security issue: CVE-2020-5260

     * With a crafted URL that contains a newline in it, the credential
       helper machinery can be fooled to give credential information for
       a wrong host.  The attack has been made impossible by forbidding
       a newline character in any value passed via the credential
       protocol.

    Credit for finding the vulnerability goes to Felix Wilhelm of Google
    Project Zero.
  module: pkgsrc
  subject: 'CVS commit: pkgsrc/devel'
  unixtime: '1586888851'
  user: leot