Your message dated Thu, 10 Jan 2013 11:32:38 +0000 with message-id <e1ttgnc-0007zr...@franck.debian.org> and subject line Bug#696974: fixed in jenkins-winstone 0.9.10-jenkins-37+dfsg-2 has caused the Debian Bug report #696974, regarding jenkins: Security issues were found in Jenkins core to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 696974: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=696974 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: jenkins Version: 1.447.2+dfsg-2 Severity: grave Tags: security Dear Maintainer, The upstream vendor announced a security advisory, that is rated high severity. See: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2012-11-20 Regards, Nobuhiro
--- End Message ---
--- Begin Message ---Source: jenkins-winstone Source-Version: 0.9.10-jenkins-37+dfsg-2 We believe that the bug you reported is fixed in the latest version of jenkins-winstone, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 696...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. James Page <james.p...@ubuntu.com> (supplier of updated jenkins-winstone package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Thu, 10 Jan 2013 11:03:23 +0000 Source: jenkins-winstone Binary: libjenkins-winstone-java libjenkins-winstone-java-doc Architecture: source all Version: 0.9.10-jenkins-37+dfsg-2 Distribution: unstable Urgency: high Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org> Changed-By: James Page <james.p...@ubuntu.com> Description: libjenkins-winstone-java - Jenkins branch of Winstone servlet container libjenkins-winstone-java-doc - Documentation for libjenkins-winstone-java Closes: 696974 Changes: jenkins-winstone (0.9.10-jenkins-37+dfsg-2) unstable; urgency=high . * Fix HTTP splitting vulnerability (Closes: #696974): - d/p/CVE-2012-6072.patch: Cherry picked fix from upstream VCS which prevents HTTP headers being split into multiple lines. - Fixes: CVE-2012-6072 Checksums-Sha1: 34026550b6638e79e8b1816d3aac8e87c4ce9dad 2460 jenkins-winstone_0.9.10-jenkins-37+dfsg-2.dsc 9ac80fddaea0a5e80f15b915cdbedc02837ca213 69008 jenkins-winstone_0.9.10-jenkins-37+dfsg-2.debian.tar.gz e36678f682358aeec5fa131b95f3644a716998d8 356008 libjenkins-winstone-java_0.9.10-jenkins-37+dfsg-2_all.deb e155a5332a34c2c8074f49beb9cc9f02fa324b09 996072 libjenkins-winstone-java-doc_0.9.10-jenkins-37+dfsg-2_all.deb Checksums-Sha256: e8b2c9b805bd18e5fc177d2988bc095edb79f80df0c19880559bb65116cea040 2460 jenkins-winstone_0.9.10-jenkins-37+dfsg-2.dsc 94d2d6bdbf4c4a94267129d639e24e3395f45ac43ad75ac2e538acf9ab1440f4 69008 jenkins-winstone_0.9.10-jenkins-37+dfsg-2.debian.tar.gz 086e2b237da527ef1aa0ce038416b7a874736e16a71779b8d5ab0ba8d301e3e3 356008 libjenkins-winstone-java_0.9.10-jenkins-37+dfsg-2_all.deb 69c5883444b14013b2fce8c2611d2c0401178380c8a67ea7645d9e961a2aa883 996072 libjenkins-winstone-java-doc_0.9.10-jenkins-37+dfsg-2_all.deb Files: 437d570864d231a9490a924806586ccb 2460 java optional jenkins-winstone_0.9.10-jenkins-37+dfsg-2.dsc 70f00bc42f0fc9a918e906d51c4891f9 69008 java optional jenkins-winstone_0.9.10-jenkins-37+dfsg-2.debian.tar.gz 863a9a3522976fa2fba8e9183ba987bf 356008 java optional libjenkins-winstone-java_0.9.10-jenkins-37+dfsg-2_all.deb 4424a054aed69067c0a0929b8fd7121b 996072 doc optional libjenkins-winstone-java-doc_0.9.10-jenkins-37+dfsg-2_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBCAAGBQJQ7qPCAAoJEL/srsug59jDsH0QAIIw72YflpOjKYkUVQRZz0DD 3eALCsHA75ocwjoER4nbUaCLgr88WQPn8xDcwA4n2PSNWM6/mZpNwylYAj6az3Om Yc8Eq7vW4TkpHqaRs7vbj/Lvx4eHteD4RVp1nQVhiLQUXjjnAtx6Tome13uO4r5F flErW8QMZTBzV3AqmkD90Q5IY91s8zDyCdICnFyWDmYA4wRrjxX3J8K+k/eXAL/p klb/zhQi8Onxu0UDQU9LEQqsbl3/GxlL/ECS/eEO7pGnKRuFBpOfOcCXTZcxME6V jQ9p74NoXNTcXEp8XHBMmM9XFVaYcKHlvW04t4kPKEQSh92s95vtGMbJLcM0l/kv WlqcErrbC2NqZB11/BTiTEhxF/dmxeUiWjesK07ZcjqfsIuMTyKxZmrlyGcv/W0l aBEyqVDmPXI09+fqhTc3l3iP1QdzqjKJLT+hYClmZntv1XSYcOkv7r3OXUV38eLx vFDi+n2oi5aIktMJUDdmGNEsSxQvrye4ZtFAIEb0eQRcXcrSiKX1ksUsoZGmdeAL 0l7t5dmq0d9mj35mp02LOMHqQckQiVLTr1EFjlvJQucczuilqo0AhDTvqa3EWNBk 8s/BwZnT4Kscw7GwQMh64N1wvOlqqu7DYh7n6xFHdYAGfzQ4UOKmj6NcHmh9W7sU dH+xr743hj+gLybeoISe =E2pX -----END PGP SIGNATURE-----
--- End Message ---
__ This is the maintainer address of Debian's Java team <http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use debian-j...@lists.debian.org for discussions and questions.
