Re: [eclipse.org-committers] Git client vulnerability on Windows, Mac

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

Re: [eclipse.org-committers] Git client vulnerability on Windows, Mac

From: Denis Roy <denis.roy@xxxxxxxxxxx>
Date: Mon, 22 Dec 2014 16:56:43 -0500
Delivered-to: eclipse.org-committers@xxxxxxxxxxx
List-archive: <https://dev.eclipse.org/mailman/private/eclipse.org-committers>
List-help: <mailto:eclipse.org-committers-request@eclipse.org?subject=help>
List-subscribe: <https://dev.eclipse.org/mailman/listinfo/eclipse.org-committers>, <mailto:eclipse.org-committers-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://dev.eclipse.org/mailman/options/eclipse.org-committers>, <mailto:eclipse.org-committers-request@eclipse.org?subject=unsubscribe>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.3.0

Oh, okay. So our vulnerable Windows and Mac users will know to lookthere, build the changes then install them?


Denis


On 12/22/2014 04:48 PM, Ahti Kitsik wrote:

Hi Denis

I can see that the vulnerability has been fixed in commits from Dec
18th:
https://github.com/eclipse/jgit/commits/master

The fix is also announced at
http://dev.eclipse.org/mhonarc/lists/jgit-dev/msg02789.html


Regards,
Ahti
--
// http://ahtik.com @ahtik

On Mon, Dec 22, 2014, at 05:53 PM, Denis Roy wrote:

Greetings!

You may be aware of a vulnerability which affects Git clients on Windows
and Mac:

https://github.com/blog/1938-vulnerability-announced-update-your-git-clients

The article mentions that jGit is affected as well, and that jGit has
issued a maintenance release,  but I'm not sure what happens in
Eclipse-land since the jGit web page doesn't mention a single thing, and
I cannot find anything in Bugzilla.

      http://eclipse.org/jgit/

I was only able to find this 2-year-old bug related to the issue:

      https://bugs.eclipse.org/bugs/show_bug.cgi?id=367248

I believe jGit is bundled in all our Eclipse packages that contain eGit,
so I will cc the Eclipse Security team.  If the jGit team has more
information, or if I'm ridiculously off-base on this, please feel free
to add more info.



While I have your attention, I'd like to wish everyone a festive holiday
season. Matt and I will be casually monitoring Bugzilla inboxes to make
sure everything is working smoothly during the holiday shutdown.

Denis
_______________________________________________
eclipse.org-committers mailing list
eclipse.org-committers@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/eclipse.org-committers

IMPORTANT: Membership in this list is generated by processes internal to
the Eclipse Foundation.  To be permanently removed from this list, you
must contact emo@xxxxxxxxxxx to request removal.

_______________________________________________
eclipse.org-committers mailing list
eclipse.org-committers@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/eclipse.org-committers

IMPORTANT: Membership in this list is generated by processes internal to the Eclipse Foundation.  To be permanently removed from this list, you must contact emo@xxxxxxxxxxx to request removal.

Follow-Ups:
- Re: [eclipse.org-committers] Git client vulnerability on Windows, Mac
  - From: Konstantin Komissarchik

References:
- [eclipse.org-committers] Git client vulnerability on Windows, Mac
  - From: Denis Roy
- Re: [eclipse.org-committers] Git client vulnerability on Windows, Mac
  - From: Ahti Kitsik

Prev by Date: Re: [eclipse.org-committers] Git client vulnerability on Windows, Mac
Next by Date: Re: [eclipse.org-committers] Git client vulnerability on Windows, Mac
Previous by thread: Re: [eclipse.org-committers] Git client vulnerability on Windows, Mac
Next by thread: Re: [eclipse.org-committers] Git client vulnerability on Windows, Mac
Index(es):
- Date
- Thread

Breadcrumbs