[Secure-testing-commits] r29244 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Fri Oct 3 19:44:16 UTC 2014


Author: carnil
Date: 2014-10-03 19:44:15 +0000 (Fri, 03 Oct 2014)
New Revision: 29244

Modified:
   data/CVE/list
Log:
Mark various CVEs for jenkins as fixed in unstable

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2014-10-03 19:40:58 UTC (rev 29243)
+++ data/CVE/list	2014-10-03 19:44:15 UTC (rev 29244)
@@ -8315,11 +8315,10 @@
 	RESERVED
 CVE-2014-3681 [SECURITY-143: XSS vulnerability in Jenkins core]
 	RESERVED
-	- jenkins <undetermined>
+	- jenkins 1.565.3-1 (bug #763899)
 CVE-2014-3680 [SECURITY-138: Password exposure in DOM]
 	RESERVED
-	- jenkins <undetermined>
-	TODO: check
+	- jenkins 1.565.3-1 (bug #763899)
 CVE-2014-3679
 	RESERVED
 CVE-2014-3678
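Review bot: For CVE-2014-3680 the `TODO: check` line is removed together with `<undetermined>`, but the entry does not record what was checked. Both entries in this hunk now rest on `(bug #763899)` alone. A NOTE line under each, pointing to the upstream advisory for SECURITY-143 and SECURITY-138, would let a later reader confirm that 1.565.3-1 is the fixing version without opening the bug.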
@@ -8346,30 +8345,24 @@
 	RESERVED
 CVE-2014-3667 [SECURITY-155: exposure of plugin code]
 	RESERVED
-	- jenkins <undetermined>
-	TODO: check
+	- jenkins 1.565.3-1 (bug #763899)
 CVE-2014-3666 [SECURITY-150: remote code execution from CLI]
 	RESERVED
-	- jenkins <undetermined>
-	TODO: check
+	- jenkins 1.565.3-1 (bug #763899)
 CVE-2014-3665
 	RESERVED
 CVE-2014-3664 [SECURITY-131: directory traversal attack]
 	RESERVED
-	- jenkins <undetermined>
-	TODO: check
+	- jenkins 1.565.3-1 (bug #763899)
 CVE-2014-3663 [SECURITY-127/SECURITY-128: privilege escalation in job configuration permission]
 	RESERVED
-	- jenkins <undetermined>
-	TODO: check
+	- jenkins 1.565.3-1 (bug #763899)
 CVE-2014-3662 [SECURITY-110: User name discovery]
 	RESERVED
-	- jenkins <undetermined>
-	TODO: check
+	- jenkins 1.565.3-1 (bug #763899)
 CVE-2014-3661 [SECURITY-87: anonymous DoS attack through CLI handshake]
 	RESERVED
-	- jenkins <undetermined>
-	TODO: check
+	- jenkins 1.565.3-1 (bug #763899)
 CVE-2014-3660
 	RESERVED
 CVE-2014-3659
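Review bot: CVE-2014-3665 and CVE-2014-3660 are left as bare RESERVED, while every annotated entry around them (CVE-2014-3661 through CVE-2014-3667) receives `- jenkins 1.565.3-1 (bug #763899)`. Please confirm whether those two ids belong to the same Jenkins batch. If they do, they need a package line or a TODO in this hunk. If they do not, a short NOTE saying so would stop the next reader from asking the same question.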
@@ -13266,6 +13259,7 @@
 	NOT-FOR-US: Opera
 CVE-2014-1869 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
 	- db4o <unfixed> (unimportant)
+	- jenkins 1.565.3-1 (bug #763899)
 	NOTE: in -doc package
 CVE-2013-7329 [information disclosure]
 	RESERVED
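Review bot: The new `- jenkins 1.565.3-1 (bug #763899)` line under CVE-2014-1869 is inserted between `- db4o <unfixed> (unimportant)` and `NOTE: in -doc package`, so the note now reads as if it applied to jenkins. Reword the note to name the package it refers to (for example "NOTE: db4o: in -doc package"), and add a second NOTE saying why jenkins is affected by this CVE, since the entry gives no hint of that.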
@@ -31483,6 +31477,7 @@
 CVE-2013-2186 (The DiskFileItem class in Apache Commons FileUpload, as used in Red ...)
 	{DSA-2827-1}
 	- libcommons-fileupload-java 1.3-2.1 (bug #726601)
+	- jenkins 1.565.3-1 (bug #763899)
 CVE-2013-2185 (** DISPUTED ** The readObject method in the DiskFileItem class in ...)
 	NOT-FOR-US: Red Hat JBoss Enterprise Application Platform
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=974813
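Review bot: The added jenkins line under CVE-2013-2186 does not say why jenkins is tracked separately from `libcommons-fileupload-java 1.3-2.1 (bug #726601)`, which already carries the fix and the {DSA-2827-1} reference. If jenkins ships its own copy of the affected DiskFileItem class, a NOTE stating that would explain why the library fix does not cover it. If it uses the packaged library instead, this line may not be needed.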



