Bug#697617: jenkins: remote code execution vulnerability

2013-03-01 Thread Salvatore Bonaccorso
Hi On Tue, Jan 08, 2013 at 02:06:39AM +0900, Nobuhiro Ban wrote: Package: jenkins Version: 1.447.2+dfsg-2 Severity: grave Tags: security Dear Maintainer, The upstream vendor announced a security advisory, that is rated critical severity. See:

Bug#697617: jenkins: remote code execution vulnerability

2013-01-30 Thread Guido Günther
Hi James, On Thu, Jan 10, 2013 at 05:03:44PM +, James Page wrote: On 10/01/13 15:46, Miguel Landaeta wrote: We might want to consider whether updating unstable/testing to 1.480.2 is actually the best way forward at this point in time.

Bug#697617: jenkins: remote code execution vulnerability

2013-01-18 Thread Miguel Landaeta
On Thu, Jan 10, 2013 at 2:29 PM, Miguel Landaeta mig...@miguel.cc wrote: On Thu, Jan 10, 2013 at 2:03 PM, James Page james.p...@ubuntu.com wrote: I'm trying to get some advice from upstream on this - hopefully I'll hear back in the next ~24hrs Good to know, I'll stay tuned. Hi James, is

Bug#697617: jenkins: remote code execution vulnerability

2013-01-10 Thread James Page
On 09/01/13 00:54, Miguel Landaeta wrote: Hi, I'm working on backporting a fix for this issue to this version of Jenkins. It doesn't too hard to do it but I had not tested properly the patch I got. If everything goes well I'll attach a

Bug#697617: jenkins: remote code execution vulnerability

2013-01-10 Thread James Page
On 10/01/13 15:46, Miguel Landaeta wrote: We might want to consider whether updating unstable/testing to 1.480.2 is actually the best way forward at this point in time. Hi James, I don't know if it is feasible at this point in the release

Bug#697617: jenkins: remote code execution vulnerability

2013-01-10 Thread Miguel Landaeta
On Thu, Jan 10, 2013 at 2:03 PM, James Page james.p...@ubuntu.com wrote: I did much the same for the version in Ubuntu 12.04 (1.424.6); and hit similar issues. The key problem is the extent of the patch to fix this issue and the amount of code change in the TCP/Agent communication area between

Bug#697617: jenkins: remote code execution vulnerability

2013-01-07 Thread Nobuhiro Ban
Package: jenkins Version: 1.447.2+dfsg-2 Severity: grave Tags: security Dear Maintainer, The upstream vendor announced a security advisory, that is rated critical severity. See: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-01-04 Regards, Nobuhiro __ This is

Bug#697617: jenkins: remote code execution vulnerability

2013-01-07 Thread Salvatore Bonaccorso
Control: retitle -1 jenkins: CVE-2013-0158: remote code execution vulnerability Hi On Tue, Jan 08, 2013 at 02:06:39AM +0900, Nobuhiro Ban wrote: Package: jenkins Version: 1.447.2+dfsg-2 Severity: grave Tags: security Dear Maintainer, The upstream vendor announced a security advisory,

Processed: Re: Bug#697617: jenkins: remote code execution vulnerability

2013-01-07 Thread Debian Bug Tracking System
Processing control commands: retitle -1 jenkins: CVE-2013-0158: remote code execution vulnerability Bug #697617 [jenkins] jenkins: remote code execution vulnerability Changed Bug title to 'jenkins: CVE-2013-0158: remote code execution vulnerability' from 'jenkins: remote code execution