This bug was fixed in the package jenkins-winstone - 0.9.10-jenkins-25+dfsg-0ubuntu2.2
---
jenkins-winstone (0.9.10-jenkins-25+dfsg-0ubuntu2.2) oneiric-security;
urgency=low
* SECURITY UPDATE: Hash DoS vulnerability in parameter
handling (LP: #914628):
- debian/patches/has
This bug was fixed in the package jenkins-executable-war -
1.22-1ubuntu0.1
---
jenkins-executable-war (1.22-1ubuntu0.1) oneiric-security; urgency=low
* SECURITY UPDATE: Hash DoS vulnerability in parameter
handling (LP: #914628):
- debian/patches/hash-dos-fix.patch: Cherry pi
This bug was fixed in the package jenkins - 1.409.1-0ubuntu4.2
---
jenkins (1.409.1-0ubuntu4.2) oneiric-security; urgency=low
* SECURITY UPDATE: Hash DoS vulnerability in parameter
handling (LP: #914628):
- Rebuild to pickup new versions of jenkins-executable-war and
l
Hi, Steve,
Upstream maintainer here. The fix is in line with what's done in Tomcat
and other application servers that are affected by the same
vulnerability, so I believe this is an accepted practice.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscri
Hi James,
The debdiffs look fine to me from a packaging perspective. I'm a little
dubious of the upstream fix, which is just setting a limit on the size
of the hashtables and hashmaps and assumes that a worst case walk of
that size won't negatively impact the operation of the system. In any
event,
** Description changed:
- Jenkins running standalone (as it does in the Ubuntu packaging) is
- vulnerable to the Hash DoS attack as detailed here:
+ [Impact]
+
+
+ [Development Fix]
+
+
+ [Stable Fix]
+
+
+ [Text Case]
+
+ 1.
+ 2.
+ 3.
+ Broken Behavior:
+ Fixed Behavior:
+
+ [Regression
I've rebuilt and tested on my local oneiric server install to ensure
that this fix has no impact on existing functionality - all looked OK to
me.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/914628
T
Attached debdiff for rebuild of jenkins against specific minimum
versions of executable-war and winstone.
** Patch added: "jenkins.debdiff"
https://bugs.launchpad.net/ubuntu/+source/jenkins/+bug/914628/+attachment/2696717/+files/jenkins.debdiff
Attached patch for jenkins-executable-war for oneiric
** Patch added: "jenkins-executable-war.debdiff"
https://bugs.launchpad.net/ubuntu/+source/jenkins/+bug/914628/+attachment/2696681/+files/jenkins-executable-war.debdiff
Attached debdiff for jenkins-winstone for oneiric-security
** Patch added: "jenkins-winstone.debdiff"
https://bugs.launchpad.net/ubuntu/+source/jenkins/+bug/914628/+attachment/2696671/+files/jenkins-winstone.debdiff
** Changed in: jenkins (Ubuntu Oneiric)
Assignee: (unassigned) => James Page (james-page)
** Changed in: jenkins (Ubuntu Oneiric)
Importance: Undecided => Medium
** Changed in: jenkins (Ubuntu Oneiric)
Status: New => In Progress
** Changed in: jenkins-executable-war (Ubuntu Oneiri