clone 696816 -1
reassign -1 jenkins-winstone 0.9.10-jenkins-37+dfsg-1
thanks

Dear Maintainer,

I found upstream "SECURITY-44" (aka CVE-2012-6072) was from Winstone, and it might be fixed in 0.9.10-jenkins-40.

https://github.com/jenkinsci/jenkins/commit/ad084edb571555e7c5a9bc5b27aba09aac8da98d
>[FIXED SECURITY-44]
> Picked up a new version of Winstone

https://github.com/jenkinsci/winstone/commit/62e890b9589a844553d837d91b5f68eb3dba334e
>[FIXED SECURITY-44]
> Do not allow the webapp to split HTTP header values into multiple lines.
> Since there's no obvious escaping semantics here, we just drop those
> characters, which is what Jetty does.

Regards,
Nobuhiro
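
The behaviour described in the quoted Winstone commit message, as an added Java example that is not part of the original e-mail and is not Winstone's code: CR and LF are dropped from header values before the response head is serialized. The class name, method names and the sample header value are constructed for illustration.

```java
import java.util.LinkedHashMap;
import java.util.Map;

public class HeaderSplitDemo {
    // Drop CR and LF from a header value; no escaping is attempted,
    // matching the "just drop those characters" approach in the commit message.
    static String dropLineBreaks(String value) {
        if (value == null) return null;
        StringBuilder sb = new StringBuilder(value.length());
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            if (c != '\r' && c != '\n') sb.append(c);
        }
        return sb.toString();
    }

    // Serialize a response head the way a container writes it to the socket.
    static String writeHead(Map<String, String> headers, boolean sanitize) {
        StringBuilder out = new StringBuilder("HTTP/1.1 302 Found\r\n");
        for (Map.Entry<String, String> h : headers.entrySet()) {
            String v = sanitize ? dropLineBreaks(h.getValue()) : h.getValue();
            out.append(h.getKey()).append(": ").append(v).append("\r\n");
        }
        return out.append("\r\n").toString();
    }

    // Count the header lines a client would parse before the blank line.
    static int headerLines(String head) {
        String beforeBody = head.substring(0, head.indexOf("\r\n\r\n"));
        return beforeBody.split("\r\n").length - 1; // minus the status line
    }

    public static void main(String[] args) {
        Map<String, String> headers = new LinkedHashMap<>();
        // Constructed sample: a webapp copies request data into Location.
        headers.put("Location", "/home\r\nSet-Cookie: session=constructed");
        headers.put("Content-Length", "0");

        // The webapp set two headers; any other count means a value was split.
        System.out.println("headers set by webapp:    " + headers.size());
        System.out.println("unsanitized header lines: "
                + headerLines(writeHead(headers, false)));
        System.out.println("sanitized header lines:   "
                + headerLines(writeHead(headers, true)));
        System.out.print(writeHead(headers, true));
    }
}
```

Comparing the number of headers the application set with the number of header lines actually written is also a usable regression check for a container upgrade such as the one requested here.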