Re: [eclipse.org-committers] Git client vulnerability on Windows, Mac

The fix is included in the EGit/JGit 3.4.2 and 3.5.3 releases. Here is the
announcement from the egit-dev mailing list.

http://dev.eclipse.org/mhonarc/lists/egit-dev/msg03717.html

- Konstantin


-----Original Message-----
From: eclipse.org-committers-bounces@xxxxxxxxxxx
[mailto:eclipse.org-committers-bounces@xxxxxxxxxxx] On Behalf Of Denis Roy
Sent: Monday, December 22, 2014 1:57 PM
To: eclipse.org-committers@xxxxxxxxxxx
Subject: Re: [eclipse.org-committers] Git client vulnerability on Windows, Mac

Oh, okay. So our vulnerable Windows and Mac users will know to look there,
build the changes then install them?

Denis


On 12/22/2014 04:48 PM, Ahti Kitsik wrote:
> Hi Denis
>
> I can see that the vulnerability has been fixed in commits from Dec
> 18th:
> https://github.com/eclipse/jgit/commits/master
>
> The fix is also announced at
> http://dev.eclipse.org/mhonarc/lists/jgit-dev/msg02789.html
>
>
> Regards,
> Ahti
> --
> // http://ahtik.com @ahtik
>
> On Mon, Dec 22, 2014, at 05:53 PM, Denis Roy wrote:
>> Greetings!
>>
>> You may be aware of a vulnerability which affects Git clients on 
>> Windows and Mac:
>>
>> https://github.com/blog/1938-vulnerability-announced-update-your-git-clients
>>
>> The article mentions that jGit is affected as well, and that jGit has 
>> issued a maintenance release,  but I'm not sure what happens in 
>> Eclipse-land since the jGit web page doesn't mention a single thing, 
>> and I cannot find anything in Bugzilla.
>>
>>       http://eclipse.org/jgit/
>>
>> I was only able to find this 2-year-old bug related to the issue:
>>
>>       https://bugs.eclipse.org/bugs/show_bug.cgi?id=367248
>>
>> I believe jGit is bundled in all our Eclipse packages that contain 
>> eGit, so I will cc the Eclipse Security team.  If the jGit team has 
>> more information, or if I'm ridiculously off-base on this, please 
>> feel free to add more info.
>>
>>
>>
>> While I have your attention, I'd like to wish everyone a festive 
>> holiday season. Matt and I will be casually monitoring Bugzilla 
>> inboxes to make sure everything is working smoothly during the holiday
>> shutdown.
>>
>> Denis
>> _______________________________________________
>> eclipse.org-committers mailing list
>> eclipse.org-committers@xxxxxxxxxxx
>> https://dev.eclipse.org/mailman/listinfo/eclipse.org-committers
>>
>> IMPORTANT: Membership in this list is generated by processes internal 
>> to the Eclipse Foundation.  To be permanently removed from this list, 
>> you must contact emo@xxxxxxxxxxx to request removal.