clone 696816 -1 reassign -1 jenkins-winstone 0.9.10-jenkins-37+dfsg-1 thanks
Dear Maintainer, I found upstream "SECURITY-44" (aka CVE-2012-6072) was from Winstone, and it might be fixed in 0.9.10-jenkins-40. https://github.com/jenkinsci/jenkins/commit/ad084edb571555e7c5a9bc5b27aba09aac8da98d >[FIXED SECURITY-44] > Picked up a new version of Winstone https://github.com/jenkinsci/winstone/commit/62e890b9589a844553d837d91b5f68eb3dba334e >[FIXED SECURITY-44] > Do not allow the webapp to split HTTP header values into multiple lines. > Since there's no obvious escaping semantics here, we just drop those > characters, which is what Jetty does. Regards, Nobuhiro __ This is the maintainer address of Debian's Java team <http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use [email protected] for discussions and questions.
