On Mon, Nov 09, 2015 at 09:25:20AM +0100, Emmanuel Bourg wrote:
> Hi Moritz,
>
> If I'm not mistaken this vulnerability is actually linked to a dangerous
> deserialization in commons-collections if the input isn't properly
> sanitized.
Indeed, I intended to file a separate bug for those (but I was unsure whether
Jenkins used the system-wide lib as opposed to the released versions from
Jenkins upstream).
Cheers,
Moritz
__
This is the maintainer address of Debian's Java team
<http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers>.
Please use
[email protected] for discussions and questions.