Bug#774050: CVE-2014-9390
Emmanuel Bourg
ebourg at apache.org
Tue Dec 30 13:18:52 UTC 2014
Here are the relevant commits to backport:

Always ignore case when forbidding .git in ObjectChecker
https://github.com/eclipse/jgit/commit/07612a6

Disallow ".git." and ".git<space>"
https://github.com/eclipse/jgit/commit/10310bf

Disallow Windows shortname "GIT~1"
https://github.com/eclipse/jgit/commit/a09b1b6

Disallow names potentially mapping to ".git" on HFS+
https://github.com/eclipse/jgit/commit/d476d2f
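
The four rules named in the commit titles above, combined into one tree-entry name check. This is an added example, not JGit's ObjectChecker code or part of the original message. The class and method names are hypothetical, the HFS+ ignorable code point list is an assumption taken from the set Git itself uses, and the check strips any run of trailing dots and spaces, which goes beyond the single ".git." and ".git<space>" cases in the commit title.

```java
import java.util.Locale;

// Added illustration, not JGit's ObjectChecker: rejects tree entry names that a
// case-insensitive or normalizing filesystem could resolve to ".git".
public class DotGitNameCheck {
    // Assumption: code points HFS+ ignores when comparing names (list as used by Git).
    private static boolean isHfsIgnorable(char c) {
        return (c >= '\u200C' && c <= '\u200F')
            || (c >= '\u202A' && c <= '\u202E')
            || (c >= '\u206A' && c <= '\u206F')
            || c == '\uFEFF';
    }

    /** Returns a reason string if the name must be rejected, or null if allowed. */
    public static String reject(String name) {
        String lower = name.toLowerCase(Locale.ROOT);
        if (lower.equals(".git"))
            return "case-insensitive match of .git";
        if (lower.equals("git~1"))
            return "Windows 8.3 short name of .git";
        // Windows drops trailing dots and spaces when opening a path.
        int end = lower.length();
        while (end > 0 && (lower.charAt(end - 1) == '.' || lower.charAt(end - 1) == ' '))
            end--;
        if (end < lower.length() && lower.substring(0, end).equals(".git"))
            return "trailing dot or space stripped by Windows";
        // HFS+ skips ignorable code points, so remove them before comparing.
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < name.length(); i++)
            if (!isHfsIgnorable(name.charAt(i)))
                sb.append(name.charAt(i));
        if (sb.length() != name.length()
                && sb.toString().toLowerCase(Locale.ROOT).equals(".git"))
            return "HFS+ ignorable code point inside .git";
        return null;
    }

    public static void main(String[] args) {
        // Constructed sample names, one per rule plus two harmless ones.
        String[] samples = { ".git", ".GiT", ".git.", ".git ", "GIT~1",
                             ".g\u200cit", ".gitignore", "git" };
        for (String s : samples) {
            String why = reject(s);
            System.out.printf("%-12s %s%n", s.replace("\u200c", "\\u200c"),
                              why == null ? "ok" : "REJECT: " + why);
        }
    }
}
```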