Package: jenkins
Version: 1.565.2-2
Severity: grave
Tags: security

Dear Maintainer,

The upstream vendor announced a security advisory.
In this advisory, some vulnerabilities are rated critical severity.
>SECURITY-87/CVE-2014-3661 (anonymous DoS attack through CLI handshake)
>SECURITY-110/CVE-2014-3662 (User name discovery)
>SECURITY-127&128/CVE-2014-3663 (privilege escalation in job configuration 
>SECURITY-131/CVE-2014-3664 (directory traversal attack)
>SECURITY-138/CVE-2014-3680 (Password exposure in DOM)
>SECURITY-143/CVE-2014-3681 (XSS vulnerability in Jenkins core)
>SECURITY-150/CVE-2014-3666 (remote code execution from CLI)
>SECURITY-155/CVE-2014-3667 (exposure of plugin code)
>SECURITY-159/CVE-2013-2186 (arbitrary file system write)
>SECURITY-149/CVE-2014-1869 (XSS vulnerabilities in ZeroClipboard)

(SECURITY-113 is not about Jenkins core.)

