Hi James,

On Thu, Jan 10, 2013 at 05:03:44PM +0000, James Page wrote:
> On 10/01/13 15:46, Miguel Landaeta wrote:
> >>> We might want to consider whether updating unstable/testing to
> >>> 1.480.2 is actually the best way forward at this point in
> >>> time.
> > Hi James,
> >
> > I don't know if it is feasible at this point in the release cycle
> > to have a new upstream release of jenkins in sid even if it fixes
> > some security issues.
>
> Agreed; it's a last resort.
>
> > I backported the fix for CVE-2013-0158 from stable branch and I
> > applied it to 1.447.2+dfsg-2. It applies cleanly but I'm getting a
> > FTBFS. I don't have time to review it right now but I'll go back to
> > it later.
> >
> > I'm attaching the debdiff I got and the FTBFS log error.
>
> I did much the same for the version in Ubuntu 12.04 (1.424.6); and hit
> similar issues. The key problem is the extent of the patch to fix this
> issue and the amount of code change in the TCP/Agent communication
> area between 1.480.2 and earlier versions we already have packaged.
>
> I'm trying to get some advice from upstream on this - hopefully I'll
> hear back in the next ~24hrs

Any news on this one? Jenkins has become a candidate for removal due to
this one and I'd be sad to see a release without it.

Cheers,
 -- Guido