Your message dated Tue, 29 Jan 2013 13:32:46 +0000
with message-id <e1u0bis-0004mb...@franck.debian.org>
and subject line Bug#696816: fixed in jenkins 1.447.2+dfsg-3
has caused the Debian Bug report #696816,
regarding jenkins: Security issues were found in Jenkins core
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
696816: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=696816
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: jenkins
Version: 1.447.2+dfsg-2
Severity: grave
Tags: security
Dear Maintainer,
The upstream vendor announced a security advisory that is rated high severity.
See:
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2012-11-20
Regards,
Nobuhiro
--- End Message ---
--- Begin Message ---
Source: jenkins
Source-Version: 1.447.2+dfsg-3
We believe that the bug you reported is fixed in the latest version of
jenkins, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 696...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
James Page <james.p...@ubuntu.com> (supplier of updated jenkins package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Tue, 29 Jan 2013 12:24:30 +0000
Source: jenkins
Binary: libjenkins-java libjenkins-plugin-parent-java jenkins-common jenkins
 jenkins-slave jenkins-external-job-monitor jenkins-cli jenkins-tomcat
Architecture: source all
Version: 1.447.2+dfsg-3
Distribution: unstable
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintain...@lists.alioth.debian.org>
Changed-By: James Page <james.p...@ubuntu.com>
Description:
 jenkins - Continuous Integration and Job Scheduling Server
 jenkins-cli - Jenkins CI Command Line Interface
 jenkins-common - Jenkins common Java components and web application
 jenkins-external-job-monitor - Jenkins CI external job monitoring
 jenkins-slave - Jenkins slave node helper
 jenkins-tomcat - Jenkins CI on Tomcat 6
 libjenkins-java - Jenkins CI core Java libraries
 libjenkins-plugin-parent-java - Jenkins Plugin Parent Maven POM
Closes: 696816
Changes:
 jenkins (1.447.2+dfsg-3) unstable; urgency=high
 .
   [ Steven McDonald ]
   * Fix multiple security issues in Jenkins core (Closes: #696816):
     - d/p/security/CVE-2012-6073.patch: Cherry-picked a fix from 1.480.1
       release to resolve an open redirect vulnerability.
     - d/p/security/CVE-2012-6074.patch: Cherry-picked a fix from 1.480.1
       release to resolve a cross-site scripting vulnerability.
     - Fixes: CVE-2012-6073, CVE-2012-6074
 .
   [ James Page ]
   * Ensure jenkins-winstone with fix for CVE-2012-6072 is picked up
     during build (Closes: #696816):
     - d/control: Version jenkins-winstone BD (>= 0.9.10-jenkins-37+dfsg-2~)
     - Fixes: CVE-2012-6072
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
-----END PGP SIGNATURE-----
--- End Message ---