[Git][security-tracker-team/security-tracker][master] dla: drop jgit
Sylvain Beucler (@beuc)
gitlab at salsa.debian.org
Fri Jul 18 10:06:16 BST 2025
Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker
Commits:
721135ee by Sylvain Beucler at 2025-07-18T11:05:46+02:00
dla: drop jgit
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -184838,7 +184838,7 @@ CVE-2023-4913 (Cross-site Scripting (XSS) - Reflected in GitHub repository cecil
CVE-2023-4759 (Arbitrary File Overwrite in Eclipse JGit <= 6.6.0 In Eclipse JGit, al ...)
- jgit 6.7.0-1 (bug #1055853)
[bookworm] - jgit <ignored> (Minor issue)
- [bullseye] - jgit <no-dsa> (Minor issue)
+ [bullseye] - jgit <ignored> (Minor issue; only affects case-insensitive filesystems; risk doesn't warrant complex backport)
[buster] - jgit <no-dsa> (Minor issue. Only case-insensitive filesystems are affected)
NOTE: https://git.eclipse.org/c/jgit/jgit.git/commit/?id=9072103f3b3cf64dd12ad2949836ab98f62dabf1 (v6.6.1.202309021850-r)
NOTE: https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/11
=====================================
data/dla-needed.txt
=====================================
@@ -174,13 +174,6 @@ icingaweb2
jackson-core
NOTE: 20250707: Added by Front-Desk (apo)
--
-jgit
- NOTE: 20250614: Added by Front-Desk (rouca)
- NOTE: 20250717: Attempted to rebase upstream backport for 5.13, but encountered a lot of conflicts.
- NOTE: 20250717: The patch also brings in a lot of new code, which makes it even more difficult to review.
- NOTE: 20250717: I have produced a partial backport that probably doesn’t compile and needs a lot of more work.
- NOTE: 20250717: See <https://salsa.debian.org/java-team/eclipse-jgit/-/commit/67eeac4f> (andrewsh)
---
knot-resolver
NOTE: 20240924: Added by Front-Desk (lamby)
NOTE: 20250506: Writting to upstream to get a PoC to reproduce open CVEs.
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/721135eefca45181018b057ca43a14a60054cd96
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/721135eefca45181018b057ca43a14a60054cd96
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250718/03404e1c/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list