Bug#767541: jenkins: CVE-2014-3665

2014-12-05 Thread Emmanuel Bourg
Control: severity -1 important

jenkins/1.565.3-3 has been uploaded to unstable and unblocked for Jessie
with a note about this issue in the README file and a warning in the
user interface.


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org



Processed: Re: Bug#767541: jenkins: CVE-2014-3665

2014-12-05 Thread Debian Bug Tracking System
Processing control commands:

> severity -1 important
Bug #767541 [src:jenkins] jenkins: CVE-2014-3665
Severity set to 'important' from 'grave'

-- 
767541: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=767541
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems


Bug#767541: jenkins: CVE-2014-3665

2014-11-22 Thread intrigeri
Hi Emmanuel,

Emmanuel Bourg wrote (16 Nov 2014 12:06:07 GMT):
> The new LTS is probably too big to be pushed to testing now. As an
> alternative I'm considering either disabling the master/slave mechanism,
> or adding a big red warning in the UI to inform the user about the risks.

Disabling the master/slave mechanism by default sounds good, as long
as there are means for users to re-enable it (I assume that's what you
meant, but let's make it clear).

Cheers,
--
intrigeri


Bug#767541: jenkins: CVE-2014-3665

2014-11-16 Thread beuc
Hi from the Paris Bugs Squashing Party :)

In order to help people who participate, can you (jenkins' maintainer)
describe what you intend to do, and if help is possible?

From what I understand:
- The security ~fix is a new slave-master access control system
- Jenkins releases a LTS version every 3 months
- Debian currently doesn't ship the current LTS from last month, but
  the one before, which doesn't seem supported anymore.
- Options that I see are either pushing the current LTS in Debian,
  backporting the new access control system, or drop the package.

Let us know what your suggested course of action is.

Cheers!
Sylvain


Bug#767541: jenkins: CVE-2014-3665

2014-11-16 Thread Emmanuel Bourg
Hi Sylvain,

On 16/11/2014 11:26, b...@debian.org wrote:
> Hi from the Paris Bugs Squashing Party :)

Thank you for helping!

> In order to help people who participate, can you (jenkins' maintainer)
> describe what you intend to do, and if help is possible?
>
> - The security ~fix is a new slave-master access control system
> - Jenkins releases a LTS version every 3 months
> - Debian currently doesn't ship the current LTS from last month, but
>   the one before, which doesn't seem supported anymore.
> - Options that I see are either pushing the current LTS in Debian,
>   backporting the new access control system, or drop the package.
>
> Let us know what your suggested course of action is.

The new LTS is probably too big to be pushed to testing now. As an
alternative I'm considering either disabling the master/slave mechanism,
or adding a big red warning in the UI to inform the user about the risks.

Emmanuel Bourg
