|Re: [eclipse.org-committers] Git client vulnerability on Windows, Mac|
Hi Denis I can see that the vulnerability has been fixed in commits from Dec 18th: https://github.com/eclipse/jgit/commits/master The fix is also announced at http://dev.eclipse.org/mhonarc/lists/jgit-dev/msg02789.html Regards, Ahti -- // http://ahtik.com @ahtik On Mon, Dec 22, 2014, at 05:53 PM, Denis Roy wrote: > Greetings! > > You may be aware of a vulnerability which affects Git clients on Windows > and Mac: > > https://github.com/blog/1938-vulnerability-announced-update-your-git-clients > > The article mentions that jGit is affected as well, and that jGit has > issued a maintenance release, but I'm not sure what happens in > Eclipse-land since the jGit web page doesn't mention a single thing, and > I cannot find anything in Bugzilla. > > http://eclipse.org/jgit/ > > I was only able to find this 2-year-old bug related to the issue: > > https://bugs.eclipse.org/bugs/show_bug.cgi?id=367248 > > I believe jGit is bundled in all our Eclipse packages that contain eGit, > so I will cc the Eclipse Security team. If the jGit team has more > information, or if I'm ridiculously off-base on this, please feel free > to add more info. > > > > While I have your attention, I'd like to wish everyone a festive holiday > season. Matt and I will be casually monitoring Bugzilla inboxes to make > sure everything is working smoothly during the holiday shutdown. > > Denis > _______________________________________________ > eclipse.org-committers mailing list > eclipse.org-committers@xxxxxxxxxxx > https://dev.eclipse.org/mailman/listinfo/eclipse.org-committers > > IMPORTANT: Membership in this list is generated by processes internal to > the Eclipse Foundation. To be permanently removed from this list, you > must contact emo@xxxxxxxxxxx to request removal.
Back to the top