Package: git Version: 1:2.20.1-2+deb10u3 Severity: normal Dear Maintainer,
the vulnerability in CVE-2020-11008 is related to the handling of credential helpers in git. In Buster this has been fixed in 1:2.20.1-2+deb10u3. This broke my existing configuration where repositories have credential.helper=store set. This is documented in /usr/share/man/man1/git-credential-store.1.gz and other files from git, git-doc etc. I am unsure how to proceed... is this helper now unsupported? Is this a simple regression that should be fixed? Do other alternatives like git-credential-cache still work or are they broken as well? -- System Information: Debian Release: 10.3 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'oldstable-updates'), (500, 'stable'), (91, 'testing'), (10, 'unstable'), (5, 'oldstable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 5.3.0-0.bpo.2-amd64 (SMP w/4 CPU cores) Kernel taint flags: TAINT_WARN, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages git depends on: ii git-man 1:2.20.1-2+deb10u3 ii libc6 2.28-10 ii libcurl3-gnutls 7.64.0-4+deb10u1 ii liberror-perl 0.17027-2 ii libexpat1 2.2.6-2+deb10u1 ii libpcre2-8-0 10.32-5 ii perl 5.28.1-6 ii zlib1g 1:1.2.11.dfsg-1 Versions of packages git recommends: ii ca-certificates 20190110 ii less 487-0.1+b1 ii openssh-client [ssh-client] 1:7.9p1-10+deb10u2 ii patch 2.7.6-3+deb10u1 Versions of packages git suggests: ii gettext-base 0.19.8.1-9 ii git-cvs 1:2.20.1-2+deb10u3 pn git-daemon-run | git-daemon-sysvinit <none> ii git-doc 1:2.20.1-2+deb10u3 pn git-el <none> ii git-email 1:2.20.1-2+deb10u3 pn git-gui <none> pn git-mediawiki <none> ii git-svn 1:2.20.1-2+deb10u3 ii gitk 1:2.20.1-2+deb10u3 pn gitweb <none> -- no debconf information
