Errata overview
Errata ID 667
Date 2020-04-22
Source package git
Fixed in version 1:2.11.0-3+deb9u6
This update addresses the following issue:
 * With a crafted URL that contains a newline, the credential
   helper machinery can be fooled to supply credential information
   for the wrong host.  The attack has been made impossible by
   forbidding a newline character in any value passed via the
   credential protocol. (CVE-2020-5260)
Additional notes
CVE ID CVE-2020-5260
UCS Bug number #51118