Bug#739067: jenkins: multiple security vulnerabilities
Olivier Berger
olivier.berger at telecom-sudparis.eu
Fri Mar 21 14:06:16 UTC 2014
On Fri, Feb 21, 2014 at 06:52:17AM +0100, Salvatore Bonaccorso wrote:
> Hi,
>
> On Sun, Feb 16, 2014 at 01:45:49AM +0900, Nobuhiro Ban wrote:
> > Package: jenkins
> > Version: 1.509.2+dfsg-2
> > Severity: grave
> > Tags: security
> >
> > Dear Maintainer,
> >
> > The upstream vendor announced a security advisory.
> > In this advisory, some vulnerabilities are rated high severity.
> >
> > https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14
> > > SECURITY-105
> > > affected by CVE-2013-7285 reported against XStream
> > > SECURITY-76 & SECURITY-88 / CVE-2013-5573
> > > SECURITY-109
> > > SECURITY-108
> > > SECURITY-106
> > > SECURITY-93
> > > SECURITY-89
> > > SECURITY-80
> > > SECURITY-79
> > > SECURITY-77
> > > SECURITY-75
> > > SECURITY-74
> > > SECURITY-73
>
> See http://www.openwall.com/lists/oss-security/2014/02/21/2, where
> some CVEs were assigned to identify the issues. Please include the CVE
> identifier in the changelog when fixing the corresponding issues.
>
FWIW, these are referenced in https://security-tracker.debian.org/tracker/source-package/jenkins
Best regards,
--
Olivier BERGER
http://www-public.telecom-sudparis.eu/~berger_o/ - OpenPGP-Id: 2048R/5819D7E8
Ingenieur Recherche - Dept INF
Institut Mines-Telecom, Telecom SudParis, Evry (France)
More information about the pkg-java-maintainers
mailing list