jenkins-winstone (0.9.10-jenkins-25+dfsg-0ubuntu2.1) oneiric-security;
urgency=low
* SECURITY UPDATE: XSS vulnerability in default error pages.
- debian/patches/fix_xss.patch: escape error messages which are supposed
be plain text and not markup in
src/java/winstone/ErrorServlet.java,
src/java/winstone/URIUtil.java,
src/java/winstone/WinstoneResponse.java
-
http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2011-11-08.cb
* d/maven.{properties,ignoreRules}: Disabled testing as htmlunit is
currently broken in 11.10.
Date: Tue, 22 Nov 2011 12:21:24 +0000
Changed-By: James Page <[email protected]>
Maintainer: Ubuntu Developers <[email protected]>
https://launchpad.net/ubuntu/oneiric/+source/jenkins-winstone/0.9.10-jenkins-25+dfsg-0ubuntu2.1
Format: 1.8
Date: Tue, 22 Nov 2011 12:21:24 +0000
Source: jenkins-winstone
Binary: libjenkins-winstone-java libjenkins-winstone-java-doc
Architecture: source
Version: 0.9.10-jenkins-25+dfsg-0ubuntu2.1
Distribution: oneiric-security
Urgency: low
Maintainer: Ubuntu Developers <[email protected]>
Changed-By: James Page <[email protected]>
Description:
libjenkins-winstone-java - Jenkins branch of Winstone servlet container
libjenkins-winstone-java-doc - Documentation for libjenkins-winstone-java
Changes:
jenkins-winstone (0.9.10-jenkins-25+dfsg-0ubuntu2.1) oneiric-security;
urgency=low
.
* SECURITY UPDATE: XSS vulnerability in default error pages.
- debian/patches/fix_xss.patch: escape error messages which are supposed
be plain text and not markup in
src/java/winstone/ErrorServlet.java,
src/java/winstone/URIUtil.java,
src/java/winstone/WinstoneResponse.java
-
http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2011-11-08.cb
* d/maven.{properties,ignoreRules}: Disabled testing as htmlunit is
currently broken in 11.10.
Checksums-Sha1:
ce464ac4c890a8fd01849a54de9653a5d90efccd 2226
jenkins-winstone_0.9.10-jenkins-25+dfsg-0ubuntu2.1.dsc
c8f5abf90fb4a2b005c5405b3aceb29fb6783c1f 69749
jenkins-winstone_0.9.10-jenkins-25+dfsg-0ubuntu2.1.debian.tar.gz
Checksums-Sha256:
ada79f678b66c9411b0e6c0f8028706020ed897eb65651f11f3392fc97407012 2226
jenkins-winstone_0.9.10-jenkins-25+dfsg-0ubuntu2.1.dsc
fa570faa9f62d2110e2115b4b5710141638d7553e5860c4f8779e141c9c0455d 69749
jenkins-winstone_0.9.10-jenkins-25+dfsg-0ubuntu2.1.debian.tar.gz
Files:
63509a37cf66f2342fca6e1bff600e2d 2226 java optional
jenkins-winstone_0.9.10-jenkins-25+dfsg-0ubuntu2.1.dsc
1952bf4fa1403ee938c4c51415de7c4a 69749 java optional
jenkins-winstone_0.9.10-jenkins-25+dfsg-0ubuntu2.1.debian.tar.gz
Original-Maintainer: Hudson Ubuntu Packagers <[email protected]>
--
Oneiric-changes mailing list
[email protected]
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/oneiric-changes
