Bug#767541: jenkins: CVE-2014-3665
beuc at debian.org
beuc at debian.org
Sun Nov 16 10:26:05 UTC 2014
Hi from the Paris Bugs Squashing Party :)
In order to help people who participate, can you (jenkins' maintainer)
describe what you intend to do, and if help is possible?
>From what I understand:
- The security ~fix is a new slave->master access control system
- Jenkins releases a "LTS" version every 3 months
- Debian currently doesn't ship the current "LTS" from last month, but
the one before, which doesn't seem supported anymore.
- Options that I see are either pushing the current LTS in Debian,
backporting the new access control system, or drop the package.
Let us know what is your suggested course of action.
Cheers!
Sylvain
More information about the pkg-java-maintainers
mailing list