[Bug 954960] Re: [FFe] XSS vulnerability in Jenkins

2012-04-30 Thread James Page
Jamie, as precise is now released, I'm not going to backport this fix to 11.10. TBH, upstream is now two LTS releases further on from the one in Oneiric. For those that don't want to upgrade yet, I have backported the 12.04 packages to PPA ppa:hudson-ubuntu/backports ** Changed in: jenkins

[Bug 954960] Re: [FFe] XSS vulnerability in Jenkins

2012-04-23 Thread Jamie Strandboge
James, were you still planning on providing an update for 11.10? ** Changed in: jenkins (Ubuntu Oneiric) Status: Confirmed => Incomplete -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/954960

[Bug 954960] Re: [FFe] XSS vulnerability in Jenkins

2012-03-29 Thread Bug Watch Updater
** Changed in: jenkins (Debian) Status: Confirmed => Fix Released

[Bug 954960] Re: [FFe] XSS vulnerability in Jenkins

2012-03-20 Thread Launchpad Bug Tracker
** Branch linked: lp:ubuntu/owasp-java-html-sanitizer

[Bug 954960] Re: [FFe] XSS vulnerability in Jenkins

2012-03-20 Thread Launchpad Bug Tracker
This bug was fixed in the package jenkins - 1.424.6+dfsg-0ubuntu1 --- jenkins (1.424.6+dfsg-0ubuntu1) precise; urgency=low * New upstream release, fixing XSS security vulnerability (LP: #954960): - d/control: Add new dependency on libowasp-java-html-sanitizer-java. -

[Bug 954960] Re: [FFe] XSS vulnerability in Jenkins

2012-03-20 Thread James Page
** Changed in: jenkins (Ubuntu Oneiric) Assignee: (unassigned) => James Page (james-page)

[Bug 954960] Re: [FFe] XSS vulnerability in Jenkins

2012-03-20 Thread Launchpad Bug Tracker
** Branch linked: lp:ubuntu/jenkins

[Bug 954960] Re: [FFe] XSS vulnerability in Jenkins

2012-03-17 Thread Bug Watch Updater
** Changed in: jenkins (Debian) Status: Unknown => Confirmed

[Bug 954960] Re: [FFe] XSS vulnerability in Jenkins

2012-03-15 Thread Dave Walker
Hi James, thanks for the comprehensive report. This makes total sense, and needs to be fixed regardless. Uploading a srcNEW is clearly the most sensible choice. Thanks.

[Bug 954960] Re: [FFe] XSS vulnerability in Jenkins

2012-03-15 Thread James Page
** Changed in: jenkins (Ubuntu Precise) Importance: Medium => High ** Changed in: jenkins (Ubuntu Oneiric) Importance: Medium => High ** Changed in: jenkins (Ubuntu Oneiric) Status: New => Confirmed ** Changed in: jenkins (Ubuntu Precise) Milestone: None => ubuntu-12.04-beta-2

[Bug 954960] Re: [FFe] XSS vulnerability in Jenkins

2012-03-15 Thread Launchpad Bug Tracker
** Branch linked: lp:~james-page/ubuntu/precise/owasp-java-html-sanitizer/trunk ** Branch linked: lp:~james-page/ubuntu/precise/jenkins/954960-1.424.6

[Bug 954960] Re: [FFe] XSS vulnerability in Jenkins

2012-03-15 Thread James Page
** Bug watch added: Debian Bug tracker #664057 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=664057 ** Also affects: jenkins (Debian) via http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=664057 Importance: Unknown Status: Unknown

[Bug 954960] Re: [FFe] XSS vulnerability in Jenkins

2012-03-14 Thread James Page
** Visibility changed to: Public ** Description changed: + Rationale: + https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2012-03-05 This advisory announces a couple of critical security vulnerabilities that were found in Jenkins core. The first

[Bug 954960] Re: [FFe] XSS vulnerability in Jenkins

2012-03-14 Thread James Page
** Attachment added: owasp-java-html-sanitizer_0.1+r88-0ubuntu1_amd64.build https://bugs.launchpad.net/ubuntu/+source/jenkins/+bug/954960/+attachment/2869159/+files/owasp-java-html-sanitizer_0.1%2Br88-0ubuntu1_amd64.build

[Bug 954960] Re: [FFe] XSS vulnerability in Jenkins

2012-03-14 Thread James Page
** Attachment added: jenkins_1.424.6+dfsg-0ubuntu1_amd64.build https://bugs.launchpad.net/ubuntu/+source/jenkins/+bug/954960/+attachment/2869160/+files/jenkins_1.424.6%2Bdfsg-0ubuntu1_amd64.build ** Description changed: Rationale: https://wiki.jenkins-

[Bug 954960] Re: [FFe] XSS vulnerability in Jenkins

2012-03-14 Thread James Page
** Description changed: Rationale: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2012-03-05 This advisory announces a couple of critical security vulnerabilities that were found in Jenkins core. The first vulnerability is a directory traversal

[Bug 954960] Re: [FFe] XSS vulnerability in Jenkins

2012-03-14 Thread James Page
** Attachment added: jenkins_1.424.6+dfsg-0ubuntu1_amd64.build https://bugs.launchpad.net/ubuntu/+source/jenkins/+bug/954960/+attachment/2869361/+files/jenkins_1.424.6%2Bdfsg-0ubuntu1_amd64.build