Package: jenkins Version: 1.565.2-2 Severity: grave Tags: security Dear Maintainer,
The upstream vendor announced a security advisory. In this advisory, some vulnerabilities are rated critical severity. https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01 >SECURITY-87/CVE-2014-3661 (anonymous DoS attack through CLI handshake) >SECURITY-110/CVE-2014-3662 (User name discovery) >SECURITY-127&128/CVE-2014-3663 (privilege escalation in job configuration >permission) >SECURITY-131/CVE-2014-3664 (directory traversal attack) >SECURITY-138/CVE-2014-3680 (Password exposure in DOM) >SECURITY-143/CVE-2014-3681 (XSS vulnerability in Jenkins core) >SECURITY-150/CVE-2014-3666 (remote code execution from CLI) >SECURITY-155/CVE-2014-3667 (exposure of plugin code) >SECURITY-159/CVE-2013-2186 (arbitrary file system write) >SECURITY-149/CVE-2014-1869 (XSS vulnerabilities in ZeroClipboard) (SECURITY-113 is not about Jenkins core.) Regards, Nobuhiro -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]

