Hi, On Sun, Feb 16, 2014 at 01:45:49AM +0900, Nobuhiro Ban wrote: > Package: jenkins > Version: 1.509.2+dfsg-2 > Severity: grave > Tags: security > > Dear Maintainer, > > The upstream vendor announced a security advisory. > In this advisory, some vulnerabilities are rated high severity. > > https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14 > > SECURITY-105 > > affected by CVE-2013-7285 reported against XStream > > SECURITY-76 & SECURITY-88 / CVE-2013-5573 > > SECURITY-109 > > SECURITY-108 > > SECURITY-106 > > SECURITY-93 > > SECURITY-89 > > SECURITY-80 > > SECURITY-79 > > SECURITY-77 > > SECURITY-75 > > SECURITY-74 > > SECURITY-73
See http://www.openwall.com/lists/oss-security/2014/02/21/2, where some CVEs were assigned to identify the issues. Please include the CVE identifier in the changelog when fixing the corresponding issues. Regards, Salvatore __ This is the maintainer address of Debian's Java team <http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use debian-j...@lists.debian.org for discussions and questions.