On Mon, Nov 09, 2015 at 09:25:20AM +0100, Emmanuel Bourg wrote:
> Hi Moritz,
> If I'm not mistaken this vulnerability is actually linked to a dangerous
> deserialization in commons-collections if the input isn't properly
> sanitized.

Indeed, I intended to file a separate bug for those (but I was  unsure whether 
jenkins used  the system-wide lib as opposed to the released versions from 
jenkins upstream)


This is the maintainer address of Debian's Java team
Please use
debian-j...@lists.debian.org for discussions and questions.

Reply via email to