Bug#804522: jenkins: Unauthenticated remote code execution 0-day in Jenkins CLI
Emmanuel Bourg
ebourg at apache.org
Mon Nov 9 08:45:27 UTC 2015
On 09/11/2015 09:26, Moritz Muehlenhoff wrote:
> Indeed, I intended to file a separate bug for those (but I was unsure whether
> jenkins used the system-wide lib as opposed to the released versions from
> jenkins upstream)
libjenkins-java depends on libcommons-collections3-java, but
jenkins-common has jenkins.war which contains commons-collections.jar.
So uploading a new version of libcommons-collections3-java isn't enough;
jenkins has to be rebuilt.
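
The situation described in the message above, as an added example that is not part of the original e-mail or of the Debian or Jenkins packaging: a check that lists commons-collections jars embedded inside a WAR, which a system library upgrade does not replace. The function names, the `WEB-INF/lib/` layout of the sample and the version string are assumptions constructed for illustration.

```python
import io
import re
import zipfile

# Matches embedded copies such as WEB-INF/lib/commons-collections.jar,
# with or without a version suffix in the file name.
JAR_RE = re.compile(r"(^|/)commons-collections[^/]*\.jar$")

def manifest_version(jar_bytes):
    """Return Implementation-Version from a jar's manifest, or None."""
    try:
        with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
            text = jar.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
    except (KeyError, zipfile.BadZipFile):
        return None  # no manifest, or the entry is not a readable jar
    for line in text.splitlines():
        key, _, value = line.partition(":")
        if key.strip().lower() == "implementation-version":
            return value.strip()
    return None

def bundled_copies(war):
    """List (entry name, version) for commons-collections jars inside a WAR.

    `war` is a path or a binary file object."""
    with zipfile.ZipFile(war) as archive:
        return [(name, manifest_version(archive.read(name)))
                for name in sorted(archive.namelist()) if JAR_RE.search(name)]

def build_sample_war():
    """Constructed sample: a tiny WAR with one embedded library jar."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF",
                     "Manifest-Version: 1.0\r\n"
                     "Implementation-Version: 0.0-sample\r\n")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as war:
        war.writestr("WEB-INF/web.xml", "<web-app/>")
        war.writestr("WEB-INF/lib/commons-collections.jar", inner.getvalue())
        war.writestr("WEB-INF/lib/other.jar", b"not a zip")
    outer.seek(0)
    return outer

if __name__ == "__main__":
    for name, version in bundled_copies(build_sample_war()):
        print(f"{name}: bundled version {version or 'unknown'}")
```

Any entry it reports is a copy that stays at its bundled version until the package containing the WAR is itself rebuilt.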