package/git: security bump to version 2.43.6

Fixes the following vulnerabilities:

 - CVE-2024-50349:

   Printing unsanitized URLs when asking for credentials made the
   user susceptible to crafted URLs (e.g. in recursive clones) that
   mislead the user into typing in passwords for trusted sites that
   would then be sent to untrusted sites instead.

 - CVE-2024-52006

   Git may pass on Carriage Returns via the credential protocol to
   credential helpers which use line-reading functions that
   interpret said Carriage Returns as line endings, even though Git
   did not intend that.

For more details, see the announcement:
https://lore.kernel.org/git/xmqq5xmh46oc.fsf@gitster.g/

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/git/git.hash

@@ -1,5 +1,5 @@
 # From: https://www.kernel.org/pub/software/scm/git/sha256sums.asc
-sha256  8b7cc3db84c5c6a2eeb39c63686ff5cde26278e32bb0d2226a8b424488420b98  git-2.43.5.tar.xz
+sha256  25f329439ebcc8a6fe160a5600499f6a179c784d8efa4d50d54e5d77a4d13a62  git-2.43.6.tar.xz
 # Locally calculated
 sha256  5b2198d1645f767585e8a88ac0499b04472164c0d2da22e75ecf97ef443ab32e  COPYING
 sha256  1922f45d2c49e390032c9c0ba6d7cac904087f7cec51af30c2b2ad022ce0e76a  LGPL-2.1

package/git/git.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-GIT_VERSION = 2.43.5
+GIT_VERSION = 2.43.6
 GIT_SOURCE = git-$(GIT_VERSION).tar.xz
 GIT_SITE = $(BR2_KERNEL_MIRROR)/software/scm/git
 GIT_LICENSE = GPL-2.0, LGPL-2.1+