Package: git
Version: 1:2.20.1-2+deb10u3
Severity: normal
Dear Maintainer,
the vulnerability in CVE-2020-11008 is related to the handling
of credential helpers in git. In Buster this has been fixed in
1:2.20.1-2+deb10u3. This broke my existing configuration where
repositories have credential.helper=store set. This is
documented in /usr/share/man/man1/git-credential-store.1.gz
and other files from git, git-doc etc.
I am unsure how to proceed... is this helper now unsupported?
Is this a simple regression that should be fixed?
Do other alternatives like git-credential-cache still work or
are they broken as well?
-- System Information:
Debian Release: 10.3
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'oldstable-updates'), (500,
'stable'), (91, 'testing'), (10, 'unstable'), (5, 'oldstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 5.3.0-0.bpo.2-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_WARN, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages git depends on:
ii git-man 1:2.20.1-2+deb10u3
ii libc62.28-10
ii libcurl3-gnutls 7.64.0-4+deb10u1
ii liberror-perl0.17027-2
ii libexpat12.2.6-2+deb10u1
ii libpcre2-8-0 10.32-5
ii perl 5.28.1-6
ii zlib1g 1:1.2.11.dfsg-1
Versions of packages git recommends:
ii ca-certificates 20190110
ii less 487-0.1+b1
ii openssh-client [ssh-client] 1:7.9p1-10+deb10u2
ii patch2.7.6-3+deb10u1
Versions of packages git suggests:
ii gettext-base 0.19.8.1-9
ii git-cvs 1:2.20.1-2+deb10u3
pn git-daemon-run | git-daemon-sysvinit
ii git-doc 1:2.20.1-2+deb10u3
pn git-el
ii git-email 1:2.20.1-2+deb10u3
pn git-gui
pn git-mediawiki
ii git-svn 1:2.20.1-2+deb10u3
ii gitk 1:2.20.1-2+deb10u3
pn gitweb
-- no debconf information