#958929 git: Regression due to CVE-2020-11008 fix

Package:
git
Source:
git
Description:
fast, scalable, distributed revision control system
Submitter:
Stefan Tauner
Date:
2025-08-07 08:09:03 UTC
Severity:
important
Tags:
#958929#5
Date:
2020-04-26 19:19:32 UTC
From:
To:
Dear Maintainer,

the vulnerability in CVE-2020-11008 is related to the handling
of credential helpers in git. In Buster this has been fixed in
1:2.20.1-2+deb10u3. This broke my existing configuration where
repositories have credential.helper=store set. This is
documented in /usr/share/man/man1/git-credential-store.1.gz
and other files from git, git-doc etc.
I am unsure how to proceed... is this helper now unsupported?
Is this a simple regression that should be fixed?
Do other alternatives like git-credential-cache still work or
are they broken as well?

#958929#10
Date:
2020-04-28 06:04:03 UTC
From:
To:
severity 958929 important
tags 958929 + upstream
forwarded 958929 https://lore.kernel.org/git/20200428052510.GA201501@google.com/
quit

Stefan Tauner wrote:

The latter --- it's a simple regression.  Let's take this upstream.

Thanks,
Jonathan