Bug#696816: jenkins: Security issues were found in Jenkins core
Nobuhiro Ban
ban.nobuhiro at gmail.com
Sun Dec 30 05:10:22 UTC 2012
clone 696816 -1
reassign -1 jenkins-winstone 0.9.10-jenkins-37+dfsg-1
thanks
Dear Maintainer,
I found upstream "SECURITY-44" (aka CVE-2012-6072) was from Winstone,
and it might be fixed in 0.9.10-jenkins-40.
https://github.com/jenkinsci/jenkins/commit/ad084edb571555e7c5a9bc5b27aba09aac8da98d
>[FIXED SECURITY-44]
> Picked up a new version of Winstone
https://github.com/jenkinsci/winstone/commit/62e890b9589a844553d837d91b5f68eb3dba334e
>[FIXED SECURITY-44]
> Do not allow the webapp to split HTTP header values into multiple lines. Since there's no obvious escaping semantics here, we just drop those characters, which is what Jetty does.
Regards,
Nobuhiro
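The behaviour the quoted Winstone commit message describes (dropping the characters that would split a header value across lines), as an added example that is not Winstone's or Jenkins' own code. The class and method names are hypothetical and the header values are constructed for illustration.

```java
import java.util.LinkedHashMap;
import java.util.Map;

public class HeaderLineDemo {
    // Drop CR and LF from a header value instead of trying to escape them,
    // since a header value has no obvious escaping semantics.
    static String dropLineBreaks(String value) {
        if (value == null) return null;
        StringBuilder sb = new StringBuilder(value.length());
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            if (c != '\r' && c != '\n') sb.append(c);
        }
        return sb.toString();
    }

    // Write headers as a container puts them on the wire: "Name: value\r\n".
    static String serialize(Map<String, String> headers, boolean sanitize) {
        StringBuilder out = new StringBuilder();
        for (Map.Entry<String, String> h : headers.entrySet()) {
            String v = sanitize ? dropLineBreaks(h.getValue()) : h.getValue();
            out.append(h.getKey()).append(": ").append(v).append("\r\n");
        }
        return out.toString();
    }

    // Number of header lines a client would parse from the block.
    static int countLines(String block) {
        return block.split("\r\n").length;
    }

    public static void main(String[] args) {
        Map<String, String> headers = new LinkedHashMap<>();
        // Constructed sample: a value the webapp copied from request input.
        headers.put("Location", "/home\r\nX-Constructed: 1");
        headers.put("Content-Length", "0");

        String before = serialize(headers, false);
        String after = serialize(headers, true);
        // Two headers were set; any extra line came from inside a value.
        System.out.println("header lines without the filter: " + countLines(before));
        System.out.println("header lines with the filter:    " + countLines(after));
        System.out.print(after);
    }
}
```

Comparing the line count with the number of headers the application set is also a quick regression check for a container upgrade such as the one discussed here.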