File _patchinfo of Package patchinfo.14813

<patchinfo incident="14813">
  <issue tracker="bnc" id="1170302">When git-daemon is installed there is no option to enable access for it in firewall configuration</issue>
  <issue tracker="bnc" id="1168930">VUL-0: CVE-2020-5260: git: credentials leak via newline characters in URLs</issue>
  <issue tracker="bnc" id="1170741">[regression] git 2.26 fetches way more data than required</issue>
  <issue tracker="bnc" id="1149792">openssl 1.1.1c causes build failures in other packages</issue>
  <issue tracker="bnc" id="1170939">git: synchronize versions of git in SUSE-SLE-12_Update, SUSE-SLE-15_Update and Factory</issue>
  <issue tracker="bnc" id="1169605">git-daemon fails to start from error in git-daemon.service</issue>
  <issue tracker="bnc" id="1169786">ECO-1628 git for SLES 15 with SHA256 support</issue>
  <issue tracker="bnc" id="1169936">VUL-0: CVE-2020-11008: git: improper URL validation might lead to credential information</issue>
  <issue tracker="cve" id="2020-5260"/>
  <issue tracker="cve" id="2020-11008"/>
  <issue tracker="jsc" id="SLE-12396"/>
  <packager>mcalabkova</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for git</summary>
  <description>This update for git to 2.26.2 fixes the following issues:

Security issue fixed:

- CVE-2020-11008: Specially crafted URLs may have tricked the credentials helper 
  to providing credential information that is not appropriate for the protocol 
  in use and host being contacted (bsc#1169936).

Non-security issue fixed:

- Fixed git-daemon not starting after conversion from sysvinit to systemd service (bsc#1169605).
- Enabled access for git-daemon in firewall configuration (bsc#1170302).
- Fixed problems with recent switch to protocol v2, which caused fetches transferring unreasonable amount of data (bsc#1170741).
</description>
</patchinfo>