jenkins-winstone (0.9.10-jenkins-25+dfsg-0ubuntu2.1) oneiric-security;
urgency=low
* SECURITY UPDATE: XSS vulnerability in default error pages.
- debian/patches/fix_xss.patch: escape error messages which are supposed
be plain text and not markup in
src/java/winstone/ErrorServlet.java,
src/java/winstone/URIUtil.java,
src/java/winstone/WinstoneResponse.java
-
http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2011-11-08.cb
* d/maven.{properties,ignoreRules}: Disabled testing as htmlunit is
currently broken in 11.10.
** Changed in: jenkins-winstone (Ubuntu Oneiric)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/889181
Title:
XSS vulnerability in Jenkins error pages when running in standalone
mode
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/jenkins/+bug/889181/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
