Bug#697617: jenkins: remote code execution vulnerability

2013-03-01 Thread Salvatore Bonaccorso
Hi

On Tue, Jan 08, 2013 at 02:06:39AM +0900, Nobuhiro Ban wrote:
> Package: jenkins
> Version: 1.447.2+dfsg-2
> Severity: grave
> Tags: security
>
> Dear Maintainer,
>
> The upstream vendor announced a security advisory, that is rated
> critical severity.
>
> See:
> https://wiki.jenkins-ci.org

Bug#697617: jenkins: remote code execution vulnerability

2013-01-30 Thread Guido Günther
Hi James,

On Thu, Jan 10, 2013 at 05:03:44PM +, James Page wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> On 10/01/13 15:46, Miguel Landaeta wrote:
> >>> We might want to consider whether updating unstable/testing to
> >>> 1.480.2 is actually the best way forward at this point

Bug#697617: jenkins: remote code execution vulnerability

2013-01-18 Thread Miguel Landaeta
On Thu, Jan 10, 2013 at 2:29 PM, Miguel Landaeta wrote:
> On Thu, Jan 10, 2013 at 2:03 PM, James Page wrote:
>> I'm trying to get some advice from upstream on this - hopefully I'll
>> hear back in the next ~24hrs
>
> Good to know, I'll stay tuned.
>

Hi James, is there any news about this issue?

Bug#697617: jenkins: remote code execution vulnerability

2013-01-10 Thread Miguel Landaeta
On Thu, Jan 10, 2013 at 2:03 PM, James Page wrote:
> I did much the same for the version in Ubuntu 12.04 (1.424.6); and hit
> similar issues. The key problem is the extent of the patch to fix this
> issue and the amount of code change in the TCP/Agent communication
> area between 1.480.2 and earli

Bug#697617: jenkins: remote code execution vulnerability

2013-01-10 Thread James Page
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 10/01/13 15:46, Miguel Landaeta wrote:
>>> We might want to consider whether updating unstable/testing to
>>> 1.480.2 is actually the best way forward at this point in
>>> time.
> Hi James,
>
> I don't know if it is feasible at this point in the

Bug#697617: jenkins: remote code execution vulnerability

2013-01-10 Thread James Page
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 09/01/13 00:54, Miguel Landaeta wrote:
> Hi,
>
> I'm working on backporting a fix for this issue to this version of
> Jenkins. It doesn't seem too hard to do it but I had not tested
> properly the patch I got.
>
> If everything goes well I'll attach

Bug#697617: jenkins: remote code execution vulnerability

2013-01-08 Thread Miguel Landaeta
Hi,

I'm working on backporting a fix for this issue to this version of Jenkins. It doesn't seem too hard to do it but I had not tested properly the patch I got.

If everything goes well I'll attach a debdiff to this bug report very soon.

Cheers,
--
Miguel Landaeta, miguel at miguel.cc secure email w

Bug#697617: jenkins: remote code execution vulnerability

2013-01-07 Thread Salvatore Bonaccorso
Control: retitle -1 jenkins: CVE-2013-0158: remote code execution vulnerability

Hi

On Tue, Jan 08, 2013 at 02:06:39AM +0900, Nobuhiro Ban wrote:
> Package: jenkins
> Version: 1.447.2+dfsg-2
> Severity: grave
> Tags: security
>
> Dear Maintainer,
>
> The upstream vendor announced a security advi

Bug#697617: jenkins: remote code execution vulnerability

2013-01-07 Thread Nobuhiro Ban
Package: jenkins
Version: 1.447.2+dfsg-2
Severity: grave
Tags: security

Dear Maintainer,

The upstream vendor announced a security advisory, that is rated critical severity.

See:
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-01-04

Regards,
Nobuhiro