Your message dated Sat, 14 Jan 2012 18:04:54 +0000
with message-id <e1rm7yi-00027k...@franck.debian.org>
and subject line Bug#655553: fixed in jenkins-winstone 0.9.10-jenkins-31+dfsg-1
has caused the Debian Bug report #655553,
regarding jenkins-winstone: Hash DoS vulnerability in Jenkins core
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
655553: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=655553
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: jenkins-winstone
Version: 0.9.10-jenkins-29+dfsg-1
Severity: normal
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Jenkin core suffers from the publicised Hash DoS vulnerability:
http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-01-10.cb
This requires new releases on jenkins-winstone and
jenkins-executable-war to resolve.
- -- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-8-generic (SMP w/8 CPU cores)
Locale: LANG=C, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iQIcBAEBCAAGBQJPDqaRAAoJEL/srsug59jD+jEP/1c6T0CEL3jZ+YpLmmzCwkuW
cDcVTc5ebZVIhj1CA4XV7zoFgSWHqVr7Te6SEmgrTPXm+LQUNCto6vfV2Oy8/rij
rAv+i6NYH5b6lg94qqwfpOS4Nc91kprBllouHKnqPpmDZsE3Y6FdOddO2FWmO3c0
5SinhPjbiWQY8dPQOSbxgGeMvyxQ2yuCbQVgrHiNiHc2q1eTwGt+/gR077P3GhK7
v9Ap4+1EHjpl+g630tIgliuv0xH0y0wm5e3bBz54hLHij6S41GUvGmsSpP47G4WL
pJh06UxDLIE/r+nW4SSkGhEKtuoK8p714ah/Ahkj/ly4vEvqyRXyvVLkqPp1BN+w
AeiO/I3a2/blbnO45t26M5PK01iUMB/6ZEgaNMrATb1iTzF/4DCHlD03IdPGEYj8
we5DT5oy0o2/42pWq/h+xMF74p+2MG7RD7hWBwzJGxz2m19HYk4/SXq3EYdmhU3K
7Pa9EWhhG920+4jdhOV1x6YGM37X+/WsFZfdbFCMlPG9x/Xw9V7njqWwTDf4zizh
gMzB3qmdAQS4ZJ8RUZU2HaIHTwvuwgFpQB/gzpjuynvVgZIWPBY31jqaI8loV7o5
YS9DQ3wJ4WxyqXoYj4qNfcL1eKkBPOjfBpIEqyab00W6UgED+7xLt59kvdCDxs1A
kdo4KzoRwefNjmP/aT3I
=AH6O
-----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---
Source: jenkins-winstone
Source-Version: 0.9.10-jenkins-31+dfsg-1
We believe that the bug you reported is fixed in the latest version of
jenkins-winstone, which is due to be installed in the Debian FTP archive:
jenkins-winstone_0.9.10-jenkins-31+dfsg-1.debian.tar.gz
to
main/j/jenkins-winstone/jenkins-winstone_0.9.10-jenkins-31+dfsg-1.debian.tar.gz
jenkins-winstone_0.9.10-jenkins-31+dfsg-1.dsc
to main/j/jenkins-winstone/jenkins-winstone_0.9.10-jenkins-31+dfsg-1.dsc
jenkins-winstone_0.9.10-jenkins-31+dfsg.orig.tar.gz
to main/j/jenkins-winstone/jenkins-winstone_0.9.10-jenkins-31+dfsg.orig.tar.gz
libjenkins-winstone-java-doc_0.9.10-jenkins-31+dfsg-1_all.deb
to
main/j/jenkins-winstone/libjenkins-winstone-java-doc_0.9.10-jenkins-31+dfsg-1_all.deb
libjenkins-winstone-java_0.9.10-jenkins-31+dfsg-1_all.deb
to
main/j/jenkins-winstone/libjenkins-winstone-java_0.9.10-jenkins-31+dfsg-1_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 655...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
James Page <james.p...@ubuntu.com> (supplier of updated jenkins-winstone
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Thu, 12 Jan 2012 10:25:41 +0100
Source: jenkins-winstone
Binary: libjenkins-winstone-java libjenkins-winstone-java-doc
Architecture: source all
Version: 0.9.10-jenkins-31+dfsg-1
Distribution: unstable
Urgency: low
Maintainer: Debian Java Maintainers
<pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: James Page <james.p...@ubuntu.com>
Description:
libjenkins-winstone-java - Jenkins branch of Winstone servlet container
libjenkins-winstone-java-doc - Documentation for libjenkins-winstone-java
Closes: 655553
Changes:
jenkins-winstone (0.9.10-jenkins-31+dfsg-1) unstable; urgency=low
.
[ James Page ]
* New upstream release:
-
http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-01-10.cb
Fix Hash DoS vulnerability with HTTP parameters by restricting the
number of parameters in any HTTP request.
(Closes: #655553, LP: #914628)
.
[ Damien Raude-Morvan ]
* Add DM-Upload-Allowed flag for James Page.
Checksums-Sha1:
60cc8e615d7a9977ddd0c51e34ae5e3a483a6fd8 2429
jenkins-winstone_0.9.10-jenkins-31+dfsg-1.dsc
8465ff7f8d99b136d9e2dcc10e3bafea1c454f40 229437
jenkins-winstone_0.9.10-jenkins-31+dfsg.orig.tar.gz
d2f23a393ce7da3b0fb7a922f9578c7bd93d052c 67905
jenkins-winstone_0.9.10-jenkins-31+dfsg-1.debian.tar.gz
a8150cad63ca26d5dbcc31d7e1c10ddf74650034 338394
libjenkins-winstone-java_0.9.10-jenkins-31+dfsg-1_all.deb
b60095bd90b1cbc94f18e1fe91bce3f6ddd7e8e5 607152
libjenkins-winstone-java-doc_0.9.10-jenkins-31+dfsg-1_all.deb
Checksums-Sha256:
3d4a3915699b3d14546a8e6a9a034a2668e3fc93e77456a08fb773b8735bb696 2429
jenkins-winstone_0.9.10-jenkins-31+dfsg-1.dsc
48f69da28171eb2d0542050e4862cf8b5c4ae4a196576954da9938d489b2c919 229437
jenkins-winstone_0.9.10-jenkins-31+dfsg.orig.tar.gz
090040e59da14d7aa4402816701e83527f27dccc0c1bc9c71b3ddb88ca58a79c 67905
jenkins-winstone_0.9.10-jenkins-31+dfsg-1.debian.tar.gz
1325798a765ca752982bbcae3d2ca2ed48e75ffe5e4d27034ef8482f7f1f4733 338394
libjenkins-winstone-java_0.9.10-jenkins-31+dfsg-1_all.deb
c1fa5ec48aa4e3ecbb946626688c4414100ee508f7d8ddde468f418c826639e2 607152
libjenkins-winstone-java-doc_0.9.10-jenkins-31+dfsg-1_all.deb
Files:
f9594cd5ea7278dee338c7ffcf94ef70 2429 java optional
jenkins-winstone_0.9.10-jenkins-31+dfsg-1.dsc
36cad99823899dc58acf3f64a5f6a103 229437 java optional
jenkins-winstone_0.9.10-jenkins-31+dfsg.orig.tar.gz
e16eb515a66a193bc01ca1bc0cfd205e 67905 java optional
jenkins-winstone_0.9.10-jenkins-31+dfsg-1.debian.tar.gz
f945f95e93bfeadd0fb4344dd0551ac2 338394 java optional
libjenkins-winstone-java_0.9.10-jenkins-31+dfsg-1_all.deb
fcdc6bc03957f2cec419b078ba9eb5dc 607152 doc optional
libjenkins-winstone-java-doc_0.9.10-jenkins-31+dfsg-1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iQIcBAEBCAAGBQJPEb9YAAoJEHXiDM0z50n8ZdEQAK9KZZQWswvBSnWXnaQ2bUSA
VZ65Y95OrhIpbPAF6b+TwIew6ZxGxTo/PexkweWCbzlAVgu4MkpJaXPH7QpJ8/H9
ZzeVjPl1MARx0Y654/ctJ9PyM8vzS8XgxHu2Q1Mwah6G/MM5yrlKc4FAUtbzNGMW
o2rZdux37Ef5x7io29ntE2EZ4y21FrByiKV26TjNj+R+GxnCAKjFkbpGtA+WIPDi
xSsa4gSNAcZFJr55/OvCO8oIIKcBPj/EgxhDuhm+fcf6iwJdN40NxzNtYss23sSv
VbRQVRYIIfn3I8gO/5OvCVa/nGPIAPYbcWSzav8Wds/J+SyvZOmsPjMQx3xJmgRT
dF06lqsWelk7g00zLKEsW1QJTUYfQXSKzL45jdzBxJ26I3Q258lrdS7/SVHhDaiu
HRLaa+AZItyO1J66eusla1+R4p+Tjb+uLoLjGpGjZ8E0fLY9MC1xs10McRiC7F51
AemZ31I4LmAVBYEtFl7dBC9x65Mmor3CLE8HNxLb9IB+hkGHc4zbM78NzIOkBoVy
sn7gXVWeaGGMiYlevx5IEzpGW2y2QcmL+MHbUHjhGjOBBHnA5QYus4AVK5cEazbx
p2lCe/48m7DzkTolHeKCX/lOx0FWRsQ4JzooblksR/SdmdGdw9Oev+RxaYWc1F/t
gRHhpYgeZhesxmhXS0uf
=lVp5
-----END PGP SIGNATURE-----
--- End Message ---
__
This is the maintainer address of Debian's Java team
<http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers>.
Please use
debian-j...@lists.debian.org for discussions and questions.
