Debian Bug report logs -
#649900
CVE-2011-4344: XSS
Reported by: Moritz Muehlenhoff <jmm@debian.org>
Date: Thu, 24 Nov 2011 17:15:01 UTC
Severity: grave
Tags: security
Fixed in version 0.9.10-jenkins-29+dfsg-1
Done: James Page <james.page@ubuntu.com>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, unknown-package@qa.debian.org:
Bug#649900; Package src:libjenkins-winstone-java.
(Thu, 24 Nov 2011 17:15:04 GMT) (full text, mbox, link).
Acknowledgement sent
to Moritz Muehlenhoff <jmm@debian.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, unknown-package@qa.debian.org.
(Thu, 24 Nov 2011 17:15:04 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Source: libjenkins-winstone-java
Severity: grave
Tags: security
http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2011-11-08.cb
Patch:
https://github.com/jenkinsci/winstone/commit/410ed3001d51c689cf59085b7417466caa2ded7b.patch
Cheers,
Moritz
-- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.0.0-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>:
Bug#649900; Package jenkins-winstone.
(Tue, 03 Jan 2012 10:18:27 GMT) (full text, mbox, link).
Acknowledgement sent
to James Page <james.page@ubuntu.com>:
Extra info received and forwarded to list. Copy sent to Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>.
(Tue, 03 Jan 2012 10:18:31 GMT) (full text, mbox, link).
Message #12 received at 649900@bugs.debian.org (full text, mbox, reply):
This XSS issue was resolved/released in 0.9.10-jenkins-29 so the package
in Debian already contains the fix for this security issue.
Apologies - I should have detailed this in the changelog entry.
Cheers
James
--
James Page
Ubuntu Core Developer
Reply sent
to James Page <james.page@ubuntu.com>:
You have taken responsibility.
(Tue, 03 Jan 2012 10:18:57 GMT) (full text, mbox, link).
Notification sent
to Moritz Muehlenhoff <jmm@debian.org>:
Bug acknowledged by developer.
(Tue, 03 Jan 2012 10:18:59 GMT) (full text, mbox, link).
Message #17 received at 649900-done@bugs.debian.org (full text, mbox, reply):
Version: 0.9.10-jenkins-29+dfsg-1
Closing as fix released in 0.9.10-jenkins-29
--
James Page
Ubuntu Core Developer
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Wed, 22 Feb 2012 07:31:53 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 18:19:43 2019;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.
Vulmon