Bug#655554: jenkins-executable-war: Hash DoS vulnerability in Jenkins core

James Page james.page at ubuntu.com
Thu Jan 12 09:25:11 UTC 2012


Package: jenkins-executable-war
Version: 1.22-1
Severity: normal

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Jenkins suffers from the well publicised Hash DoS vulnerability:

http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-01-10.cb

This requires new upstream versions of jenkins-winstone and
jenkins-executable-war.

- -- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-8-generic (SMP w/8 CPU cores)
Locale: LANG=C, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

jenkins-executable-war depends on no packages.

jenkins-executable-war recommends no packages.

Versions of packages jenkins-executable-war suggests:
pn  jenkins-executable-war-doc  <none>

- -- no debconf information

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQIcBAEBCAAGBQJPDqb3AAoJEL/srsug59jD1/QQALUO9DStN4fV1bPEz6JLCNaJ
lQLbcFcsp0mKLJTC/5/QgWc9rvEBuJHoSypZchDU+YL7kelL69hE7L980K02iqns
438JaF4jtaTJvqXyOGiizFKlPz5CKuImDWJ3kpAeejhlUImBq/ywD6lHvmFLafj1
Cy5HK9n9bjY7AlsdfSy6Ts6Rwa7IXt3BCi4XjBV88VrTA/CCGWXxBAmJSvz7grYT
olNfhifsIEikvmZEVgT12yYaYjj9U55mp13+tmCa+fNCyh0nGA0kXWDJOJU2qE5N
5JobAem3tc3fkN7KKTpf8a3SCceOS7BHQ/JvzrYOaKOWU6yvpUuxXn168xdKn9Co
3oOJiJ94/TyoZ4ualqLX6yKEf2OVX+JeVKqsZyX0CmVjK8nDanZdWZqQC3YmYDvH
VhDwn4ker5IAbffPigrjsf7AkAFr76ZpGyaivzKxxxxsDUPyP50I+u/SwgjDFzoK
mb87ST3O4mEsYFGy80h/WcmYpu75Q0xomf4IXEKBbY7tVVsaWuFtGBco/p/cP/he
qhyM7WWms5jqQk9IQGfTF7xXV/nezXg7IYtD3YMq1lEF0uy4208MDEDhP2yrgOMg
bf44iBoBnvuotUItETZ2TpRfAenlbPniJmzEs+8JGpgiUOC/9YG0Y/+7E1LQdVV4
eMZangouYRehlMSH8NCi
=Bj2o
-----END PGP SIGNATURE-----





More information about the pkg-java-maintainers mailing list