On Fri, Feb 21, 2014 at 06:52:17AM +0100, Salvatore Bonaccorso wrote: > Hi, > > On Sun, Feb 16, 2014 at 01:45:49AM +0900, Nobuhiro Ban wrote: > > Package: jenkins > > Version: 1.509.2+dfsg-2 > > Severity: grave > > Tags: security > > > > Dear Maintainer, > > > > The upstream vendor announced a security advisory. > > In this advisory, some vulnerabilities are rated high severity. > > > > https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14 > > > SECURITY-105 > > > affected by CVE-2013-7285 reported against XStream > > > SECURITY-76 & SECURITY-88 / CVE-2013-5573 > > > SECURITY-109 > > > SECURITY-108 > > > SECURITY-106 > > > SECURITY-93 > > > SECURITY-89 > > > SECURITY-80 > > > SECURITY-79 > > > SECURITY-77 > > > SECURITY-75 > > > SECURITY-74 > > > SECURITY-73 > > See http://www.openwall.com/lists/oss-security/2014/02/21/2, where > some CVEs were assigned to identify the issues. Please include the CVE > identifier in the changelog when fixing the corresponding issues. >
FWIW, these are referenced in https://security-tracker.debian.org/tracker/source-package/jenkins Best regards, -- Olivier BERGER http://www-public.telecom-sudparis.eu/~berger_o/ - OpenPGP-Id: 2048R/5819D7E8 Ingenieur Recherche - Dept INF Institut Mines-Telecom, Telecom SudParis, Evry (France) -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
