On Mon, 27 Apr 2020 22:25:10 -0700 Jonathan Nieder <jrnieder@xxxxxxxxx> wrote: > Independently, in Debian's bug tracking system, Stefan (cc-ed) > reports[2]: > > | the vulnerability in CVE-2020-11008 is related to the handling > | of credential helpers in git. In Buster this has been fixed in > | 1:2.20.1-2+deb10u3. This broke my existing configuration where > | repositories have credential.helper=store set. This is > | documented in /usr/share/man/man1/git-credential-store.1.gz > | and other files from git, git-doc etc. > | I am unsure how to proceed... is this helper now unsupported? > > (Stefan, do you have more details? Did you manually populate your > credential store? What error message do you get?) I can't remember for sure - it's literally years ago - but I am pretty sure I did not *populate* it manually initially. However, I might have edited it to separate entries (https vs. smtp) and I might have added additional entries by c&p & editing. I have replaced the one instance of \n\n used for separation with a normal single line break between entries and how it works fine. Before that I got the following output (that's obviously not very helpful if you don't know the whole story :) > git pull > warning: url has no scheme: > fatal: credential url cannot be parsed: > Already up to date. > Current branch master is up to date. -- Kind regards/Mit freundlichen Grüßen, Stefan Tauner
