Your message dated Tue, 25 Sep 2012 12:32:43 +0000 with message-id <e1tgujf-0003vv...@franck.debian.org> and subject line Bug#688298: fixed in jenkins 1.447.2+dfsg-2 has caused the Debian Bug report #688298, regarding jenkins: Multiple security issues to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 688298: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688298 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: jenkins Severity: grave Tags: security Justification: user security hole Please see http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-09-17.cb CVE IDs have been assigned: http://seclists.org/oss-sec/2012/q3/521 Remember Debian is frozen, so please upload only minimal fixes and and ask for a freeze exception by filing a bug against release.debian.org Cheers, Moritz
--- End Message ---
--- Begin Message ---Source: jenkins Source-Version: 1.447.2+dfsg-2 We believe that the bug you reported is fixed in the latest version of jenkins, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 688...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. James Page <james.p...@ubuntu.com> (supplier of updated jenkins package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Tue, 25 Sep 2012 11:01:53 +0100 Source: jenkins Binary: libjenkins-java libjenkins-plugin-parent-java jenkins-common jenkins jenkins-slave jenkins-external-job-monitor jenkins-cli jenkins-tomcat Architecture: source all Version: 1.447.2+dfsg-2 Distribution: sid Urgency: low Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org> Changed-By: James Page <james.p...@ubuntu.com> Description: jenkins - Continuous Integration and Job Scheduling Server jenkins-cli - Jenkins CI Command Line Interface jenkins-common - Jenkins common Java components and web application jenkins-external-job-monitor - Jenkins CI external job monitoring jenkins-slave - Jenkins slave node helper jenkins-tomcat - Jenkins CI on Tomcat 6 libjenkins-java - Jenkins CI core Java libraries libjenkins-plugin-parent-java - Jenkins Plugin Parent Maven POM Closes: 688298 Changes: jenkins (1.447.2+dfsg-2) unstable; urgency=low . * Fix multiple security issues in Jenkins core (Closes: #688298): - d/p/security/CVE-2012-4438_CVE-2012-4439.patch: Cherry picked fixes from 1.466.2 release to resolve remote code execution and XSS security vulnerabilities. - d/rules: Tweaked handling of groovy -> java source file copy to accommodate the file created by the above patch. - Fixes: CVE-2012-4438, CVE-2012-4439 Checksums-Sha1: 97f573b825b7f41a961fe2fab77a062e43b3fe26 4467 jenkins_1.447.2+dfsg-2.dsc 5aab1156237d80a16af8e0b6976cd79f97663f1a 53103 jenkins_1.447.2+dfsg-2.debian.tar.gz cd0653aa6f388d03f9f3107d710affd9c666a33b 6658972 libjenkins-java_1.447.2+dfsg-2_all.deb 711eca0bfb4b30c7b690ad83dd347c134f81bc5b 14716 libjenkins-plugin-parent-java_1.447.2+dfsg-2_all.deb 355f0db20106aca5a923049601d6a8a1028cd4d6 33056414 jenkins-common_1.447.2+dfsg-2_all.deb 4ba9e8354b08ae29d25b4e5700867d6c74883422 18830 jenkins_1.447.2+dfsg-2_all.deb 22b88205f445e6810bd621f70bc30d70dd51e469 17888 jenkins-slave_1.447.2+dfsg-2_all.deb a790005aea9a6def4f156738be21431e382efdcf 6626410 jenkins-external-job-monitor_1.447.2+dfsg-2_all.deb 3325fb480ec6e00fe94ba8d2a6011f9af9a91fdc 667052 jenkins-cli_1.447.2+dfsg-2_all.deb d32230ecd82c9ba33d5baf7f23e22b8ac44837e4 14990 jenkins-tomcat_1.447.2+dfsg-2_all.deb Checksums-Sha256: 1f36b76fb653145adc564fe04efd747bcb71cf504f4b8bcd28e62e0a34949900 4467 jenkins_1.447.2+dfsg-2.dsc bfb017a8f8a2e17294b19655c4480299f3249bf069a1dee43f724b4a923bc1d0 53103 jenkins_1.447.2+dfsg-2.debian.tar.gz 24b9cea46afd42dfca4ffa9c02648ae9fb83abe6d1b8d246543addcdb5eaf235 6658972 libjenkins-java_1.447.2+dfsg-2_all.deb 6becbb5fadbdfd3156295503a36cce06445c45c29db387f874e98454c827511b 14716 libjenkins-plugin-parent-java_1.447.2+dfsg-2_all.deb 80d3607ce156363ec625db90c78684eb16c3f76c6c3e20ab08b8070c30c9a351 33056414 jenkins-common_1.447.2+dfsg-2_all.deb 48efc0e032c9f67bd2541a0ccf0d0d64f6bb8ddd6d44b8d8f2e38417241c892a 18830 jenkins_1.447.2+dfsg-2_all.deb 8932ed5aa9395b8e89115241091fb900c4458f36a0adcfc3446be0ba0ab2db2d 17888 jenkins-slave_1.447.2+dfsg-2_all.deb 63e811e09ddaf8071a035be14c69c627a7878494e23cc70918dede257e816341 6626410 jenkins-external-job-monitor_1.447.2+dfsg-2_all.deb 8ade5b6b17ddfff7cbedab28152ef9f496d4deba60fe4231962b4473ac7a323f 667052 jenkins-cli_1.447.2+dfsg-2_all.deb bce403204c8f6bfb3d5ce97355236e662d792456e95fd219c36340baad5b38e0 14990 jenkins-tomcat_1.447.2+dfsg-2_all.deb Files: 7cfabd08194a95bee8b20ce12fba35a8 4467 java optional jenkins_1.447.2+dfsg-2.dsc 639701dca2a6dbca70c5e81ba549326b 53103 java optional jenkins_1.447.2+dfsg-2.debian.tar.gz 5f7243be61277888f41a0a5d17e4e3d6 6658972 java optional libjenkins-java_1.447.2+dfsg-2_all.deb f6679231d08b0e3198cb5a80c96f2a96 14716 java optional libjenkins-plugin-parent-java_1.447.2+dfsg-2_all.deb 83e630f0f40f068cec847cc9b168e751 33056414 java optional jenkins-common_1.447.2+dfsg-2_all.deb 367eb613aeb1fbea109c5134d3960149 18830 java optional jenkins_1.447.2+dfsg-2_all.deb e235ee7d4b3af7eecce5ea21bb824242 17888 java optional jenkins-slave_1.447.2+dfsg-2_all.deb 8a836ac6f7ad7ccf75b8a42f72c49fcc 6626410 java optional jenkins-external-job-monitor_1.447.2+dfsg-2_all.deb 1904cd2a7b9c8e0c913c008d9a1b1bd1 667052 java optional jenkins-cli_1.447.2+dfsg-2_all.deb 9af89ec478f96cab16fc15e1de2b8e4b 14990 java optional jenkins-tomcat_1.447.2+dfsg-2_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQIcBAEBCAAGBQJQYZUwAAoJEL/srsug59jD4ZMQALrVS1/440+24DC9SqeY6cqw wt9ZdL8FAa5yEvX/dCWe6OJCy4UnSeT2utFGVyWnnBqSd3t3/Vc3K/8HEeDP6sRH wVltXUeFbEjqJTadB9FzZmQXmT1pvC6y81VQPepHRYvsfmfOddgnjTKD0FTMxZOM YVEq4EqnR6GcxWH5l1qJOgCZCTQp9VV5p1mpTTf0Zg9+LqcnZw17u7DcDKE+XVPC BiAFsLQfaCvq9TsTED3N6Li9T4vJhlBj36dAScD5TVsm8cagrREVjM9owucfxg1U +EDlMlQURI+Nn/64DVmX1nJZxcjpMGQ+OEemIdGMGHpfDRDeDEX8mRJRvwpKHcmB 5WHjC4zKDWl/TA/X8V6lrBeKSR51tFRi08HXpLSePOZXiADNTbggHQmnZJ/NjwzE 7pREij5s1/MPO2LtvYCCHW3KLf1drJXGgxQxS3uqS7n7GfEvjGY/pOUx6ngE5A8S AVyYhqQUI5GkCZ1iTzFpcaAHVJa5ZmmLQyccLQKjiz799mHwOne5UveGcqW/DAGb LYwUT9EdTuiB4SXNg7Vnv/EChhUTQ804KMk9uCkrGJqPHnr8FsKUy+inoJYFlf6a yHGzPiJFujvB94HgMSZDyeBgbbvBLXPyT6LTxyvqIZlcc356S64HJJlIjTYkDeOt kDIIA/RLIEVJKBafIr3s =qOuw -----END PGP SIGNATURE-----
--- End Message ---
__ This is the maintainer address of Debian's Java team <http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use debian-j...@lists.debian.org for discussions and questions.
