Re: [jgit-dev] vulnerability with .config?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

Re: [jgit-dev] vulnerability with .config?

From: Matthias Sohn <matthias.sohn@xxxxxxxxx>
Date: Fri, 19 Dec 2014 12:47:46 +0100
Delivered-to: jgit-dev@xxxxxxxxxxx
List-archive: <https://dev.eclipse.org/mailman/private/jgit-dev>
List-help: <mailto:jgit-dev-request@eclipse.org?subject=help>
List-subscribe: <https://dev.eclipse.org/mailman/listinfo/jgit-dev>, <mailto:jgit-dev-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://dev.eclipse.org/mailman/options/jgit-dev>, <mailto:jgit-dev-request@eclipse.org?subject=unsubscribe>

On Fri, Dec 19, 2014 at 11:43 AM, François Rey <fr@xxxxxxxxxxxxxxxxx> wrote:

Hi there,
Just wondering, is there anything that needs to be done to mitigate this vulnerability:
https://github.com/blog/1938-git-client-vulnerability-announced
I would assume jgit require the same fix.

we shipped fixed JGit & EGit versions yesterday evening simultaneously with all the other

git implementations as mentioned in the github post you referred to ;-)

https://dev.eclipse.org/mhonarc/lists/jgit-dev/msg02789.html

Matthias

References:
- [jgit-dev] vulnerability with .config?
  - From: François Rey

Prev by Date: [jgit-dev] vulnerability with .config?
Next by Date: [jgit-dev] [Announce] JGit / EGit 3.6.0.201412230720-r release
Previous by thread: [jgit-dev] vulnerability with .config?
Next by thread: [jgit-dev] [Announce] JGit / EGit 3.6.0.201412230720-r release
Index(es):
- Date
- Thread

Breadcrumbs