Bug#696816: jenkins: Security issues were found in Jenkins core

[James Page]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hi Steve

On 25/01/13 15:18, Steven McDonald wrote:
> The issue was raised on debian-devel[0] that this bug still
> affects unstable and is causing jenkins to be a candidate for
> removal from wheezy. I have backported the fixes for these issues
> from upstream git; they are attached to this e-mail as separate
> quilt patches for the sake of cleanliness.

Thanks for the patches.

> I have also uploaded a source NMU package[1] to
> mentors.debian.net, which I intend to seek sponsorship for if I
> don't get a reply to this bug report within 72 hours (as the
> deadline given by the Release Team for removal from testing is 31st
> January).

I'll get a new version uploaded to unstable today; note that jenkins
is also effected by another security vulnerability (see [0]) which I
am currently waiting on upstream for a backported fix (its big).

Thanks

James

[0] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697617

- -- 
James Page
Ubuntu Core Developer
Debian Maintainer
james.page at ubuntu.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with undefined - http://www.enigmail.net/

iQIcBAEBCAAGBQJRB7wfAAoJEL/srsug59jDnX8P/1JftdCtKAeVDocwyoz9vzWZ
TkPurLAds5tU1lfp3adn41BpVnvzkuzDkT09yfYZlupqT8I14DfY0jSyCdCx/IrB
q2D9Rl7if3OQTq5cNgVAAzdg9LLyo9b2Pyj97N1B0zUTjDZTYwSlYE+alj7AuXcq
ahdDxNXCE46ZWfqwD+jpBjo4LRcdk/wL8zodu4rvBNFT6bfYV61yWNcrHg8g0eRm
abQHngL3C/yM6hUKSXWp/nurQmZLa/8gG4V1TV8Oal1JbhHakCyUDtxDMTjupmbU
J4QpN6wAdGndkzx+r85FoM4NqvoWRCUB8RCN4JOWF9zsK2hAVPceCMaf20+zH71j
+Ro42JytCbis9vlJfKkJqQnNaHcx7QL8xAykgSlIRdmDx9AdbGAWB7M5CMMtGJvW
3LXcFvcWHBKltqsvbG4/gwn/BR7bN0tZXQoquzYzjpT9qsiPf9oXt3KhPcFI0NO0
TtEltRdQ3NkT5cEBFVd0Cjz4qrsLIgRehJ0Tn+DK+TaCfXOarwExdqx1KrxwN0oO
IR0OMcW+nsxBI6IBCQkxtJ+MS+KNlQQA79XnYEnu1QyG5uJF6ibiV3+NJ1O3Aa4G
6Cq9ghV1lNwzj12CAoOkIZ+em+U2BZ2aHkC5LNC7gD4cMG78mgB5oQiuX26Lu5nc
8GE5eDO4br+DTV6Qdz3g
=jvHr
-----END PGP SIGNATURE-----