Jamie
as precise is now released I'm not going to backport this fix to 11.10.
TBH upstream is now two LTS releases further on from the one in Oneiric.
For those that don't want to upgrade yet I have backported the 12.04
packages to PPA
ppa:hudson-ubuntu/backports
** Changed in: jenkins
James, were you still planning on providing an update for 11.10?
** Changed in: jenkins (Ubuntu Oneiric)
Status: Confirmed => Incomplete
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/954960
** Changed in: jenkins (Debian)
Status: Confirmed => Fix Released
--
Title:
[FFe] XSS vulnerability in Jenkins
To manage notifications about
** Branch linked: lp:ubuntu/owasp-java-html-sanitizer
--
This bug was fixed in the package jenkins - 1.424.6+dfsg-0ubuntu1
---
jenkins (1.424.6+dfsg-0ubuntu1) precise; urgency=low
* New upstream release, fixing XSS security vulnerability (LP: #954960):
- d/control: Add new dependency on libowasp-java-html-sanitizer-java.
-
** Changed in: jenkins (Ubuntu Oneiric)
Assignee: (unassigned) => James Page (james-page)
--
** Branch linked: lp:ubuntu/jenkins
--
** Changed in: jenkins (Debian)
Status: Unknown => Confirmed
--
Hi James, thanks for the comprehensive report. This makes total sense,
and needs to be fixed regardless. Uploading a srcNEW is clearly the
most sensible choice.
Thanks.
--
** Changed in: jenkins (Ubuntu Precise)
Importance: Medium => High
** Changed in: jenkins (Ubuntu Oneiric)
Importance: Medium => High
** Changed in: jenkins (Ubuntu Oneiric)
Status: New => Confirmed
** Changed in: jenkins (Ubuntu Precise)
Milestone: None => ubuntu-12.04-beta-2
--
** Branch linked: lp:~james-page/ubuntu/precise/owasp-java-html-sanitizer/trunk
** Branch linked: lp:~james-page/ubuntu/precise/jenkins/954960-1.424.6
--
** Bug watch added: Debian Bug tracker #664057
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=664057
** Also affects: jenkins (Debian) via
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=664057
Importance: Unknown
Status: Unknown
--
** Visibility changed to: Public
** Description changed:
+ Rationale:
+
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2012-03-05
This advisory announces a couple of critical security vulnerabilities
that were found in Jenkins core.
The first
** Attachment added: owasp-java-html-sanitizer_0.1+r88-0ubuntu1_amd64.build
https://bugs.launchpad.net/ubuntu/+source/jenkins/+bug/954960/+attachment/2869159/+files/owasp-java-html-sanitizer_0.1%2Br88-0ubuntu1_amd64.build
--
** Attachment added: jenkins_1.424.6+dfsg-0ubuntu1_amd64.build
https://bugs.launchpad.net/ubuntu/+source/jenkins/+bug/954960/+attachment/2869160/+files/jenkins_1.424.6%2Bdfsg-0ubuntu1_amd64.build
** Description changed:
Rationale:
https://wiki.jenkins-
** Description changed:
Rationale:
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2012-03-05
This advisory announces a couple of critical security vulnerabilities
that were found in Jenkins core.
The first vulnerability is a directory traversal
** Attachment added: jenkins_1.424.6+dfsg-0ubuntu1_amd64.build
https://bugs.launchpad.net/ubuntu/+source/jenkins/+bug/954960/+attachment/2869361/+files/jenkins_1.424.6%2Bdfsg-0ubuntu1_amd64.build
--