Errata overview
Errata ID 529
Date 2020-04-22
Source package git
Fixed in version 1:2.11.0-3+deb9u6
This update addresses the following issue:
* With a crafted URL that contains a newline, the credential
  helper machinery can be fooled to supply credential information
  for the wrong host.  The attack has been made impossible by
  forbidding a newline character in any value passed via the
  credential protocol. (CVE-2020-5260)
Additional notes
CVE ID CVE-2020-5260
UCS Bug number #51117