Regarding the recent discovery of a vulnerability in git

54 views
Skip to first unread message

thomasmu...@yahoo.com

unread,
May 29, 2018, 7:45:37 PM5/29/18
to Repo and Gerrit Discussion

Jonathan Nieder

unread,
May 29, 2018, 7:55:43 PM5/29/18
to thomasmu...@yahoo.com, Repo and Gerrit Discussion
Hi,


At https://bugs.eclipse.org/535027 we found that JGit names directories in .git/modules/ after the submodule path instead of the submodule name. That's itself a bug, but it makes JGit not vulnerable, since paths in a Git tree object cannot contain a .. component.

Jonathan

вт, 29 мая 2018 г. в 16:45, thomasmulhall410 via Repo and Gerrit Discussion <repo-d...@googlegroups.com>:

--
--
To unsubscribe, email repo-discuss...@googlegroups.com
More info at http://groups.google.com/group/repo-discuss?hl=en

---
You received this message because you are subscribed to the Google Groups "Repo and Gerrit Discussion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to repo-discuss...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

thomasmu...@yahoo.com

unread,
May 29, 2018, 7:59:51 PM5/29/18
to Repo and Gerrit Discussion
Will jgit be updated in 2.14, 2.15 and master?

Jonathan Nieder

unread,
May 29, 2018, 8:01:08 PM5/29/18
to thomasmu...@yahoo.com, Repo and Gerrit Discussion
What update do you have in mind? Would you mind commenting in Eclipse bugzilla with more detail?

вт, 29 мая 2018 г. в 16:59, thomasmulhall410 via Repo and Gerrit Discussion <repo-d...@googlegroups.com>:
Will jgit be updated in 2.14, 2.15 and master?


On Wednesday, May 30, 2018 at 12:45:37 AM UTC+1, thomasmu...@yahoo.com wrote:

--

thomasmu...@yahoo.com

unread,
May 29, 2018, 8:04:03 PM5/29/18
to Repo and Gerrit Discussion
Oh, re reading https://bugs.eclipse.org/bugs/show_bug.cgi?id=535027 it shows that jgit is not affected, nvm.

though there's this only change https://git.eclipse.org/r/c/123252/ link from there.
Reply all
Reply to author
Forward
0 new messages