Package: git
Version: 1:2.0~next.20140214-1
Severity: important
Tags: upstream

Output from using GIT_CURL_VERBOSE=1 to debug git-over-http includes
unredacted Cookie and Authorization header fields. People trying to
debug therefore leak their credentials too easily.

It would be better to

  (a) leave out the Cookie and Authorization headers completely, or
  (b) censor them (e.g., apply a custom regex substitution to Cookie
      fields; redact whatever comes after 'Basic' for Authorization
      fields)
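
Option (b) from the report above, sketched as a filter to run over a trace before sharing it. This is an added example, not part of the bug report and not git's own code. It assumes curl-style trace lines of the form "> Name: value" and "< Name: value", and goes slightly beyond the report by also covering Proxy-Authorization and Set-Cookie; the function names and the sample trace are constructed for illustration.

```shell
#!/bin/sh
# Usage (assumed workflow): GIT_CURL_VERBOSE=1 git fetch 2>&1 | redact_curl_trace

redact_curl_trace() {
    awk '
    {
        lower = tolower($0)   # header names are case-insensitive
        if (match(lower, /^[<>] (proxy-)?authorization:[ \t]*/)) {
            # Keep the header name and the auth scheme, drop the credential.
            head = substr($0, 1, RLENGTH)
            rest = substr($0, RLENGTH + 1)
            sp = index(rest, " ")
            if (sp > 0)
                print head substr(rest, 1, sp - 1) " [REDACTED]"
            else
                print head "[REDACTED]"
        } else if (match(lower, /^[<>] (set-)?cookie:[ \t]*/)) {
            # Keep cookie names so the trace stays useful, drop every value.
            head = substr($0, 1, RLENGTH)
            rest = substr($0, RLENGTH + 1)
            if (index(rest, "=") > 0)
                gsub(/=[^;]*/, "=[REDACTED]", rest)
            else
                rest = "[REDACTED]"
            print head rest
        } else {
            print
        }
    }'
}

# Constructed sample trace; host, credential and cookie values are made up.
sample_trace() {
    cat <<'EOF'
> GET /repo.git/info/refs?service=git-upload-pack HTTP/1.1
> Host: git.example.com
> Authorization: Basic dXNlcjpodW50ZXIy
> Cookie: session=abc123; theme=dark
< HTTP/1.1 200 OK
< Set-Cookie: session=def456; Path=/; HttpOnly
EOF
}
```

Lines that are not credential-bearing headers pass through unchanged, so the rest of the trace remains usable for debugging.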