Package: jenkins
Version: 1.565.2-2
Severity: grave
Tags: security

Dear Maintainer,

The upstream vendor announced a security advisory. In this advisory, some vulnerabilities are rated critical severity.

https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01

>SECURITY-87/CVE-2014-3661 (anonymous DoS attack through CLI handshake)
>SECURITY-110/CVE-2014-3662 (User name discovery)
>SECURITY-127&128/CVE-2014-3663 (privilege escalation in job configuration
>permission)
>SECURITY-131/CVE-2014-3664 (directory traversal attack)
>SECURITY-138/CVE-2014-3680 (Password exposure in DOM)
>SECURITY-143/CVE-2014-3681 (XSS vulnerability in Jenkins core)
>SECURITY-150/CVE-2014-3666 (remote code execution from CLI)
>SECURITY-155/CVE-2014-3667 (exposure of plugin code)
>SECURITY-159/CVE-2013-2186 (arbitrary file system write)
>SECURITY-149/CVE-2014-1869 (XSS vulnerabilities in ZeroClipboard)

(SECURITY-113 is not about Jenkins core.)

Regards,
Nobuhiro

__
This is the maintainer address of Debian's Java team
<http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers>.
Please use debian-j...@lists.debian.org for discussions and questions.