Bug#739067: jenkins: multiple security vulnerabilities
Salvatore Bonaccorso
carnil at debian.org
Fri Feb 21 05:52:17 UTC 2014
Hi,
On Sun, Feb 16, 2014 at 01:45:49AM +0900, Nobuhiro Ban wrote:
> Package: jenkins
> Version: 1.509.2+dfsg-2
> Severity: grave
> Tags: security
>
> Dear Maintainer,
>
> The upstream vendor announced a security advisory.
> In this advisory, some vulnerabilities are rated high severity.
>
> https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14
> > SECURITY-105
> > affected by CVE-2013-7285 reported against XStream
> > SECURITY-76 & SECURITY-88 / CVE-2013-5573
> > SECURITY-109
> > SECURITY-108
> > SECURITY-106
> > SECURITY-93
> > SECURITY-89
> > SECURITY-80
> > SECURITY-79
> > SECURITY-77
> > SECURITY-75
> > SECURITY-74
> > SECURITY-73
See http://www.openwall.com/lists/oss-security/2014/02/21/2, where
some CVEs were assigned to identify the issues. Please include the CVE
identifier in the changelog when fixing the corresponding issues.
Regards,
Salvatore
More information about the pkg-java-maintainers
mailing list