On Mon, Nov 09, 2015 at 09:25:20AM +0100, Emmanuel Bourg wrote:
> Hi Moritz,
>
> If I'm not mistaken this vulnerability is actually linked to a dangerous
> deserialization in commons-collections if the input isn't properly
> sanitized.

Indeed, I intended to file a separate bug for those (but I was unsure
whether jenkins used the system-wide lib as opposed to the released
versions from jenkins upstream)

Cheers,
Moritz

__
This is the maintainer address of Debian's Java team
<http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers>.
Please use debian-j...@lists.debian.org for discussions and questions.