File _patchinfo of Package patchinfo.30726

<patchinfo incident="30726">
  <issue tracker="bnc" id="1211955">jsch: update package to a version which supports current security algorithms</issue>
  <issue tracker="bnc" id="1209646">jgit fails to start</issue>
  <issue tracker="bnc" id="1215298">VUL-0: CVE-2023-4759: jgit,eclipse-jgit: arbitrary file overwrite</issue>
  <issue tracker="cve" id="2023-4759"/>
  <issue tracker="jsc" id="PED-6376"/>
  <issue tracker="jsc" id="PED-6377"/>
  <packager>fstrba</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for eclipse-jgit, jsch</summary>
  <description>This update for eclipse-jgit, jsch fixes the following issues:

Security fix:
- CVE-2023-4759: Fixed an arbitrary file overwrite which might have occurred with a specially crafted git repository and a case-insensitive filesystem. (bsc#1215298)

Other fixes:
jsch was updated to version 0.2.9:
- Added support for various algorithms
- Migrated from `com.jcraft:jsch` to `com.github.mwiede:jsch` fork (bsc#1211955):
  * Alias to the old artifact since the new one is a drop-in
    replacement
  * Keep the old OSGi bundle symbolic name to avoid extensive
    patching of the eclipse stack
- Updated to version 0.2.9:
  * For the full list of changes please consult the upstream changelogs below for each version updated:
    + https://github.com/mwiede/jsch/releases/tag/jsch-0.2.9
    + https://github.com/mwiede/jsch/releases/tag/jsch-0.2.8
    + https://github.com/mwiede/jsch/releases/tag/jsch-0.2.7
    + https://github.com/mwiede/jsch/releases/tag/jsch-0.2.6
    + https://github.com/mwiede/jsch/releases/tag/jsch-0.2.5
    + https://github.com/mwiede/jsch/releases/tag/jsch-0.2.4
    + https://github.com/mwiede/jsch/releases/tag/jsch-0.2.3
    + https://github.com/mwiede/jsch/releases/tag/jsch-0.2.2
    + https://github.com/mwiede/jsch/releases/tag/jsch-0.2.1
    + https://github.com/mwiede/jsch/releases/tag/jsch-0.2.0
    + https://github.com/mwiede/jsch/releases/tag/jsch-0.1.71
    + https://github.com/mwiede/jsch/releases/tag/jsch-0.1.70
    + https://github.com/mwiede/jsch/releases/tag/jsch-0.1.69
    + https://github.com/mwiede/jsch/releases/tag/jsch-0.1.68
    + https://github.com/mwiede/jsch/releases/tag/jsch-0.1.67
    + https://github.com/mwiede/jsch/releases/tag/jsch-0.1.66
    + https://github.com/mwiede/jsch/releases/tag/jsch-0.1.65
    + https://github.com/mwiede/jsch/releases/tag/jsch-0.1.64
    + https://github.com/mwiede/jsch/releases/tag/jsch-0.1.63
    + https://github.com/mwiede/jsch/releases/tag/jsch-0.1.62
    + https://github.com/mwiede/jsch/releases/tag/jsch-0.1.61
    + https://github.com/mwiede/jsch/releases/tag/jsch-0.1.60
    + https://github.com/mwiede/jsch/releases/tag/jsch-0.1.59
    + https://github.com/mwiede/jsch/releases/tag/jsch-0.1.58
    + https://github.com/mwiede/jsch/releases/tag/jsch-0.1.57
    + https://github.com/mwiede/jsch/releases/tag/jsch-0.1.56

eclipse-jgit:

- Craft the jgit script from the real Main class of the jar file instead of using a jar launcher (bsc#1209646)

</description>
</patchinfo>