Register | Log in

jgit

Choose email to subscribe with

general

source: jgit (main)
version: 6.7.0-2
maintainer: Debian Java Maintainers (archive) (DMD)
uploaders: Jakub Adam [DMD]
arch: all
std-ver: 4.7.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 3.7.1-6
oldstable: 4.11.9-1
stable: 4.11.9-2
testing: 6.7.0-2
unstable: 6.7.0-2

versioned links

3.7.1-6: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
4.11.9-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
4.11.9-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
6.7.0-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

jgit-cli
libjgit-ant-java
libjgit-java

action needed

debian/patches: 2 patches to forward upstream low

Among the 5 debian patches available in version 6.7.0-2 of the package, we noticed the following issues:

2 patches where the metadata indicates that the patch has not yet been forwarded upstream. You should either forward the patch upstream or update the metadata to document its real status.

Created: 2023-02-26 Last update: 2024-07-14 23:14

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.7.2 instead of 4.7.0).

Created: 2025-02-21 Last update: 2025-02-27 13:24

No known security issue in bookworm wishlist

There is 1 open security issue in bookworm.

1 ignored issue:

CVE-2023-4759: Arbitrary File Overwrite in Eclipse JGit <= 6.6.0 In Eclipse JGit, all versions <= 6.6.0.202305301015-r, a symbolic link present in a specially crafted git repository can be used to write a file to locations outside the working tree when this repository is cloned with JGit to a case-insensitive filesystem, or when a checkout from a clone of such a repository is performed on a case-insensitive filesystem. This can happen on checkout (DirCacheCheckout), merge (ResolveMerger via its WorkingTreeUpdater), pull (PullCommand using merge), and when applying a patch (PatchApplier). This can be exploited for remote code execution (RCE), for instance if the file written outside the working tree is a git filter that gets executed on a subsequent git command. The issue occurs only on case-insensitive filesystems, like the default filesystems on Windows and macOS. The user performing the clone or checkout must have the rights to create symbolic links for the problem to occur, and symbolic links must be enabled in the git configuration. Setting git configuration option core.symlinks = false before checking out avoids the problem. The issue was fixed in Eclipse JGit version 6.6.1.202309021850-r and 6.7.0.202309050840-r, available via Maven Central https://repo1.maven.org/maven2/org/eclipse/jgit/ and repo.eclipse.org https://repo.eclipse.org/content/repositories/jgit-releases/ . A backport is available in 5.13.3 starting from 5.13.3.202401111512-r. The JGit maintainers would like to thank RyotaK for finding and reporting this issue.

Created: 2023-09-12 Last update: 2025-02-27 05:02

news

[2024-07-19] jgit 6.7.0-2 MIGRATED to testing (Debian testing watch)
[2024-07-14] Accepted jgit 6.7.0-2 (source) into unstable (Emmanuel Bourg)
[2024-05-19] jgit 6.7.0-1 MIGRATED to testing (Debian testing watch)
[2024-05-13] Accepted jgit 6.7.0-1 (source) into unstable (Pierre Gruet)
[2023-01-28] jgit 4.11.9-2 MIGRATED to testing (Debian testing watch)
[2023-01-22] Accepted jgit 4.11.9-2 (source) into unstable (Pierre Gruet)
[2021-02-07] jgit 4.11.9-1 MIGRATED to testing (Debian testing watch)
[2021-02-01] Accepted jgit 4.11.9-1 (source) into unstable (Emmanuel Bourg)
[2021-01-31] Accepted jgit 4.1.2-1 (source) into unstable (Emmanuel Bourg)
[2018-10-22] jgit 3.7.1-6 MIGRATED to testing (Debian testing watch)
[2018-10-17] Accepted jgit 3.7.1-6 (source) into unstable (Emmanuel Bourg)
[2018-08-15] Accepted jgit 3.7.1-5 (source) into unstable (Emmanuel Bourg)
[2018-04-28] jgit REMOVED from testing (Debian testing watch)
[2016-06-30] jgit 3.7.1-4 MIGRATED to testing (Debian testing watch)
[2016-06-24] Accepted jgit 3.7.1-4 (source all) into unstable (Emmanuel Bourg)
[2016-06-22] Accepted jgit 3.7.1-3 (source all) into unstable (Emmanuel Bourg)
[2016-03-01] jgit 3.7.1-2 MIGRATED to testing (Debian testing watch)
[2016-02-24] Accepted jgit 3.7.1-2 (source all) into unstable (Markus Koschany)
[2015-09-28] jgit 3.7.1-1 MIGRATED to testing (Britney)
[2015-09-22] Accepted jgit 3.7.1-1 (source all) into unstable (Emmanuel Bourg)
[2015-05-10] jgit 3.7.0-1 MIGRATED to testing (Britney)
[2015-05-05] Accepted jgit 3.7.0-1 (source all) into unstable (Jakub Adam) (signed by: tony mancill)
[2014-09-25] jgit 3.4.0-2 MIGRATED to testing (Britney)
[2014-09-19] Accepted jgit 3.4.0-2 (source all) into unstable (Jakub Adam) (signed by: Emmanuel Bourg)
[2014-06-28] jgit 3.4.0-1 MIGRATED to testing (Debian testing watch)
[2014-06-22] Accepted jgit 3.4.0-1 (source all) (Jakub Adam) (signed by: tony mancill)
[2014-05-20] jgit 3.3.2-1 MIGRATED to testing (Debian testing watch)
[2014-05-15] Accepted jgit 3.3.2-1 (source all) (Emmanuel Bourg) (signed by: tony mancill)
[2014-04-01] jgit 3.3.1-1 MIGRATED to testing (Debian testing watch)
[2014-03-27] Accepted jgit 3.3.1-1 (source all) (Jakub Adam) (signed by: tony mancill)

1
2

bugs [bug history graph]

all: 0

links

homepage
lintian
buildd: logs, reproducibility
popcon
browse source code
edit tags
other distros
security tracker
debian patches

ubuntu

[Information about Ubuntu for Debian Developers]

version: 6.7.0-2

Debian Package Tracker — Copyright 2013-2025 The Distro Tracker Developers

Report problems to the tracker.debian.org pseudo-package in the Debian BTS.

Documentation — Bugs — Git Repository — Contributing