** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2011-4344
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/889181
Title:
XSS vulnerability in Jenkins error pages when running in standa
jenkins-winstone (0.9.10-jenkins-25+dfsg-0ubuntu2.1) oneiric-security;
urgency=low
* SECURITY UPDATE: XSS vulnerability in default error pages.
- debian/patches/fix_xss.patch: escape error messages which are supposed
be plain text and not markup in
src/java/winstone/ErrorServlet.
** Branch linked: lp:ubuntu/oneiric-security/jenkins
** Branch linked: lp:ubuntu/jenkins
--
This bug was fixed in the package jenkins - 1.409.1-0ubuntu4.1
---
jenkins (1.409.1-0ubuntu4.1) oneiric-security; urgency=low
* SECURITY UPDATE: Rebuild to pickup new version of jenkins-winstone
to close out XSS security vulnerability (LP: #889181).
-- James Page  Tue, 22 Nov
CVE request:
http://www.openwall.com/lists/oss-security/2011/11/23/5
--
Thanks for your patches! They look great and I have uploaded them to the
security PPA. Per IRC, it would be good to get htmlunit working again
and then re-enable the tests the next time this is updated. Thanks
again!
** Changed in: jenkins-winstone (Ubuntu Oneiric)
Status: Confirmed => Fix
Un-assigning myself and marking as 'Confirmed' so that this bug shows up
on the sponsors queue.
--
I've done a basic commission of 1.409.1-0ubuntu4.1 on oneiric and the
fix to jenkins-winstone does not appear to have regressed any
functionality.
** Changed in: jenkins (Ubuntu Oneiric)
Status: In Progress => Confirmed
** Changed in: jenkins-winstone (Ubuntu Oneiric)
Status: In Pro
** Patch added: "jenkins.debdiff"
https://bugs.launchpad.net/ubuntu/oneiric/+source/jenkins-winstone/+bug/889181/+attachment/2605735/+files/jenkins.debdiff
--
** Patch added: "jenkins-winstone.debdiff"
https://bugs.launchpad.net/ubuntu/oneiric/+source/jenkins-winstone/+bug/889181/+attachment/2605734/+files/jenkins-winstone.debdiff
--
Thanks for updating this, James. Are you still planning on providing
updates for 11.10? If so, can you follow
https://wiki.ubuntu.com/SecurityTeam/SponsorsQueue#Notes_for_Contributors
so that it shows up on our radar? Thanks!
--
** Branch linked: lp:~james-page/ubuntu/oneiric/jenkins/fix-xss
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/889181
Title:
XSS vulnerability in Jenkins error pages when running in standalone
mode
** Branch linked: lp:~james-page/ubuntu/oneiric/jenkins-winstone/fix-xss
--
This bug was fixed in the package jenkins - 1.409.3-0ubuntu1
---
jenkins (1.409.3-0ubuntu1) precise; urgency=low
* New upstream release:
- Refreshed patches.
- d/maven.rules: Updated jenkins version to 1.409.3.
* Pickup new version of jenkins-winstone resolving XSS securit
So #2 should have read 'blocked in Precise'; this is now resolved.
--
** Changed in: jenkins-winstone (Ubuntu Precise)
Status: Triaged => Fix Released
** Changed in: jenkins-winstone (Ubuntu Oneiric)
Status: Fix Released => Fix Committed
** Changed in: jenkins-winstone (Ubuntu Oneiric)
Status: Fix Committed => In Progress
** Changed in: jenkin
** Visibility changed to: Public
** Changed in: jenkins-winstone (Ubuntu Precise)
Status: New => Triaged
** Changed in: jenkins (Ubuntu Precise)
Status: New => Triaged
17 matches