This bug was fixed in the package jenkins - 1.424.6+dfsg-1ubuntu0.1
---------------
jenkins (1.424.6+dfsg-1ubuntu0.1) precise-security; urgency=low
* SECURITY UPDATE: Remote code execution and XSS vulnerabilities
in Jenkins core (LP: #1055416):
- d/p/security/CVE-2012-4438_CVE-2012-4439.patch: Cherry picked
fixes from 1.466.2 release to resolve remote code execution
and XSS security vulnerabilities.
-
http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-09-17.cb
- CVE-2012-4438
- CVE-2012-4439
-- James Page <[email protected]> Tue, 25 Sep 2012 13:32:05 +0100
** Changed in: jenkins (Ubuntu Precise)
Status: In Progress => Fix Released
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-4438
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-4439
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1055416
Title:
user data security issues in Jenkins
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/jenkins/+bug/1055416/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
