Skip to main content
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [eclipse.org-committers] Git client vulnerability on Windows, Mac 
Hi Denis

I can see that the vulnerability has been fixed in commits from Dec
18th:
https://github.com/eclipse/jgit/commits/master

The fix is also announced at
http://dev.eclipse.org/mhonarc/lists/jgit-dev/msg02789.html


Regards,
Ahti
--
// http://ahtik.com @ahtik

On Mon, Dec 22, 2014, at 05:53 PM, Denis Roy wrote:
> Greetings!
> 
> You may be aware of a vulnerability which affects Git clients on Windows 
> and Mac:
> 
> https://github.com/blog/1938-vulnerability-announced-update-your-git-clients
> 
> The article mentions that jGit is affected as well, and that jGit has 
> issued a maintenance release,  but I'm not sure what happens in 
> Eclipse-land since the jGit web page doesn't mention a single thing, and 
> I cannot find anything in Bugzilla.
> 
>      http://eclipse.org/jgit/
> 
> I was only able to find this 2-year-old bug related to the issue:
> 
>      https://bugs.eclipse.org/bugs/show_bug.cgi?id=367248
> 
> I believe jGit is bundled in all our Eclipse packages that contain eGit, 
> so I will cc the Eclipse Security team.  If the jGit team has more 
> information, or if I'm ridiculously off-base on this, please feel free 
> to add more info.
> 
> 
> 
> While I have your attention, I'd like to wish everyone a festive holiday 
> season. Matt and I will be casually monitoring Bugzilla inboxes to make 
> sure everything is working smoothly during the holiday shutdown.
> 
> Denis
> _______________________________________________
> eclipse.org-committers mailing list
> eclipse.org-committers@xxxxxxxxxxx
> https://dev.eclipse.org/mailman/listinfo/eclipse.org-committers
> 
> IMPORTANT: Membership in this list is generated by processes internal to
> the Eclipse Foundation.  To be permanently removed from this list, you
> must contact emo@xxxxxxxxxxx to request removal.

Back to the top