jenkins: Security issues were found in Jenkins core

Related Vulnerabilities: CVE-2012-6072   CVE-2012-6073   CVE-2012-6074   CVE-2013-0158  

Debian Bug report logs - #696816


Package: jenkins; Maintainer for jenkins is (unknown);

Reported by: Nobuhiro Ban <ban.nobuhiro@gmail.com>

Date: Thu, 27 Dec 2012 16:21:02 UTC

Severity: grave

Tags: security

Found in version jenkins/1.447.2+dfsg-2

Fixed in versions jenkins/1.480.2+dfsg-1~exp1, jenkins/1.447.2+dfsg-3

Done: James Page <james.page@ubuntu.com>

Bug is archived. No further changes may be made.




Report forwarded to debian-bugs-dist@lists.debian.org, Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>:
Bug#696816; Package jenkins. (Thu, 27 Dec 2012 16:21:04 GMT)


Acknowledgement sent to Nobuhiro Ban <ban.nobuhiro@gmail.com>:
New Bug report received and forwarded. Copy sent to Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>. (Thu, 27 Dec 2012 16:21:04 GMT)


Message #5 received at submit@bugs.debian.org:

From: Nobuhiro Ban <ban.nobuhiro@gmail.com>
To: submit@bugs.debian.org
Subject: jenkins: Security issues were found in Jenkins core
Date: Fri, 28 Dec 2012 01:17:46 +0900
Package: jenkins
Version: 1.447.2+dfsg-2
Severity: grave
Tags: security

Dear Maintainer,

The upstream vendor announced a security advisory that is rated high severity.

See: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2012-11-20


Regards,
Nobuhiro



Information forwarded to debian-bugs-dist@lists.debian.org, Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>:
Bug#696816; Package jenkins. (Fri, 28 Dec 2012 14:48:03 GMT)


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>. (Fri, 28 Dec 2012 14:48:03 GMT)


Message #10 received at 696816@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Nobuhiro Ban <ban.nobuhiro@gmail.com>, 696816@bugs.debian.org, team@security.debian.org
Subject: Re: Bug#696816: jenkins: Security issues were found in Jenkins core
Date: Fri, 28 Dec 2012 15:44:33 +0100
[Message part 1 (text/plain, inline)]
Hi

On Fri, Dec 28, 2012 at 01:17:46AM +0900, Nobuhiro Ban wrote:
> Package: jenkins
> Version: 1.447.2+dfsg-2
> Severity: grave
> Tags: security
> 
> Dear Maintainer,
> 
> The upstream vendor announced a security advisory that is rated high severity.
> 
> See: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2012-11-20

Moritz requested CVEs for these three vulnerabilities[1].
CVE-2012-6072[2], CVE-2012-6073[3] and CVE-2012-6074[4] were
assigned.

Please also include the CVE (Common Vulnerabilities & Exposures) ids
in your changelog entry when fixing these.

 [1]: http://www.openwall.com/lists/oss-security/2012/12/28/1
 [2]: https://security-tracker.debian.org/tracker/CVE-2012-6072
 [3]: https://security-tracker.debian.org/tracker/CVE-2012-6073
 [4]: https://security-tracker.debian.org/tracker/CVE-2012-6074

Regards,
Salvatore
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>:
Bug#696816; Package jenkins. (Sun, 30 Dec 2012 05:15:03 GMT)


Acknowledgement sent to Nobuhiro Ban <ban.nobuhiro@gmail.com>:
Extra info received and forwarded to list. Copy sent to Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>. (Sun, 30 Dec 2012 05:15:03 GMT)


Message #15 received at 696816@bugs.debian.org:

From: Nobuhiro Ban <ban.nobuhiro@gmail.com>
To: 696816@bugs.debian.org, control@bugs.debian.org
Cc: Salvatore Bonaccorso <carnil@debian.org>
Subject: Re: Bug#696816: jenkins: Security issues were found in Jenkins core
Date: Sun, 30 Dec 2012 14:10:22 +0900
clone 696816 -1
reassign -1 jenkins-winstone 0.9.10-jenkins-37+dfsg-1
thanks

Dear Maintainer,

I found upstream "SECURITY-44" (aka CVE-2012-6072) was from Winstone,
and it might be fixed in 0.9.10-jenkins-40.


https://github.com/jenkinsci/jenkins/commit/ad084edb571555e7c5a9bc5b27aba09aac8da98d
>[FIXED SECURITY-44]
> Picked up a new version of Winstone

https://github.com/jenkinsci/winstone/commit/62e890b9589a844553d837d91b5f68eb3dba334e
>[FIXED SECURITY-44]
> Do not allow the webapp to split HTTP header values into multiple lines. Since there's no obvious escaping semantics here, we just drop those characters, which is what Jetty does.


Regards,
Nobuhiro
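The Winstone commit quoted above closes an HTTP response-splitting hole: a header value that carries a bare CR LF ends its header line early, and whatever follows is read by the client as additional headers (or a second response) chosen by whoever controlled the value. The Python below is an illustration added to this page, not Winstone's or Jenkins' code. It puts a naive response writer with that flaw next to the "drop the characters" mitigation the commit message describes, and parses the bytes the way a client would so the difference is visible. The attacker input, function names and header set are constructed for the example.

```python
from __future__ import annotations

CRLF = "\r\n"


def build_response_naive(status: str, headers: list[tuple[str, str]], body: bytes = b"") -> bytes:
    """Vulnerable on purpose: header values are written verbatim. A value that
    contains CR LF terminates its header line, and whatever follows is emitted
    as further headers (or even a second response) chosen by whoever controlled
    the value. This is the bug class the Winstone SECURITY-44 change closes."""
    head = f"HTTP/1.1 {status}{CRLF}"
    for name, value in headers:
        head += f"{name}: {value}{CRLF}"
    head += CRLF
    return head.encode("latin-1") + body


def sanitize_header_value(value: str) -> str:
    """The mitigation the commit message describes: a header value has no
    escaping syntax for a bare CR or LF, so the characters are simply dropped
    (NUL is dropped as well). The result is always a single header line."""
    return value.replace("\r", "").replace("\n", "").replace("\0", "")


def build_response_hardened(status: str, headers: list[tuple[str, str]], body: bytes = b"") -> bytes:
    """Same writer, but every header name and value goes through the filter
    first, which is where a servlet container such as Winstone would apply it."""
    clean = [(sanitize_header_value(n), sanitize_header_value(v)) for n, v in headers]
    return build_response_naive(status, clean, body)


def parse_headers(raw: bytes) -> dict[str, list[str]]:
    """What a client or proxy sees: split the head on CR LF, stop at the blank
    line, collect name -> values (names lower-cased) so injected headers show up."""
    head, _, _ = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    seen: dict[str, list[str]] = {}
    for line in lines[1:]:  # lines[0] is the status line
        name, _, value = line.partition(":")
        seen.setdefault(name.strip().lower(), []).append(value.strip())
    return seen


# Constructed attacker input: a redirect target that smuggles a Set-Cookie
# header behind an embedded CR LF, as it would arrive in a request parameter
# that an application reflects into a Location header.
INJECTED_LOCATION = "/login\r\nSet-Cookie: JSESSIONID=attacker-chosen"


def demo() -> tuple[dict[str, list[str]], dict[str, list[str]]]:
    """Return (headers seen from the naive writer, headers seen from the hardened one)."""
    headers = [("Location", INJECTED_LOCATION), ("Content-Length", "0")]
    naive = parse_headers(build_response_naive("302 Found", headers))
    hardened = parse_headers(build_response_hardened("302 Found", headers))
    return naive, hardened


if __name__ == "__main__":
    naive, hardened = demo()
    print("naive   :", naive)     # contains a Set-Cookie the application never set
    print("hardened:", hardened)  # one garbled Location value, no extra header
```

Dropping rather than rejecting the characters means the response still goes out, with a garbled but single-line value; the application that reflected the input still has a bug, but it can no longer be turned into header injection. The protection lives in the container, so an application is only covered when every container it is deployed on behaves this way.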



Bug 696816 cloned as bug 696974. Request was from Nobuhiro Ban <ban.nobuhiro@gmail.com> to control@bugs.debian.org. (Sun, 30 Dec 2012 05:15:05 GMT)


Reply sent to James Page <james.page@ubuntu.com>:
You have taken responsibility. (Thu, 10 Jan 2013 10:48:16 GMT)


Notification sent to Nobuhiro Ban <ban.nobuhiro@gmail.com>:
Bug acknowledged by developer. (Thu, 10 Jan 2013 10:48:16 GMT)


Message #22 received at 696816-close@bugs.debian.org:

From: James Page <james.page@ubuntu.com>
To: 696816-close@bugs.debian.org
Subject: Bug#696816: fixed in jenkins 1.480.2+dfsg-1~exp1
Date: Thu, 10 Jan 2013 10:47:49 +0000
Source: jenkins
Source-Version: 1.480.2+dfsg-1~exp1

We believe that the bug you reported is fixed in the latest version of
jenkins, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 696816@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
James Page <james.page@ubuntu.com> (supplier of updated jenkins package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 10 Jan 2013 09:50:50 +0000
Source: jenkins
Binary: libjenkins-java libjenkins-plugin-parent-java jenkins-common jenkins jenkins-slave jenkins-external-job-monitor jenkins-cli jenkins-tomcat
Architecture: source all
Version: 1.480.2+dfsg-1~exp1
Distribution: experimental
Urgency: low
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: James Page <james.page@ubuntu.com>
Description: 
 jenkins    - Continuous Integration and Job Scheduling Server
 jenkins-cli - Jenkins CI Command Line Interface
 jenkins-common - Jenkins common Java components and web application
 jenkins-external-job-monitor - Jenkins CI external job monitoring
 jenkins-slave - Jenkins slave node helper
 jenkins-tomcat - Jenkins CI on Tomcat 6
 libjenkins-java - Jenkins CI core Java libraries
 libjenkins-plugin-parent-java - Jenkins Plugin Parent Maven POM
Closes: 696816 697617
Changes: 
 jenkins (1.480.2+dfsg-1~exp1) experimental; urgency=low
 .
   * New upstream release (Closes: #696816, #697617):
     - d/control: Added new BD on libjbcrypt-java.
     - d/control: Versioned BD jenkins-winstone >= 0.9.10-jenkins-40.
     - d/control: Versioned BD jenkins-trilead-ssh4 >= 214-jenkins-1.
     - Fixes the following security vulnerabilities:
       CVE-2012-6072, CVE-2012-6073, CVE-2012-6072, CVE-2013-0158.
   * Tidied lintian warnings.
   * Bumped Standards-Version: 3.9.4, no changes.
Checksums-Sha1: 
 61b96c26379a93b0f8831241b2d8155ed2c1fca5 4523 jenkins_1.480.2+dfsg-1~exp1.dsc
 142722450b04d9bca1411fbcd876badd7bfbd076 4563554 jenkins_1.480.2+dfsg.orig.tar.gz
 75831e84f212e6a14d430fdf9db45e895ea918b3 46490 jenkins_1.480.2+dfsg-1~exp1.debian.tar.gz
 6fdc27ccbead9992decef198142f0b9e50c2df8d 6886032 libjenkins-java_1.480.2+dfsg-1~exp1_all.deb
 9026e4a6d8938034e98ca044fff1c3b8eea8b863 15768 libjenkins-plugin-parent-java_1.480.2+dfsg-1~exp1_all.deb
 3c06021dd2a9b016ef4e848a757a9ca5a694a33f 33533788 jenkins-common_1.480.2+dfsg-1~exp1_all.deb
 b4e3fc9784ded3add022ce570fa2444510d114f3 19620 jenkins_1.480.2+dfsg-1~exp1_all.deb
 a3149f9dfcf6f41be9cbc3b5f0b5e0747f3a6006 18718 jenkins-slave_1.480.2+dfsg-1~exp1_all.deb
 97d6982aefa9e2269ce665e58d95cd2481e8b0a6 6850002 jenkins-external-job-monitor_1.480.2+dfsg-1~exp1_all.deb
 f84b515753348ae792ab59cdb335b0c0cc0376d2 689022 jenkins-cli_1.480.2+dfsg-1~exp1_all.deb
 05e1ff6f5f7d3ccd69a508e081512c8bc05332fb 15804 jenkins-tomcat_1.480.2+dfsg-1~exp1_all.deb
Checksums-Sha256: 
 678a1b06b46dd9c4a3540bfc535ef61b9159dd644271157963feccb0f94e8f31 4523 jenkins_1.480.2+dfsg-1~exp1.dsc
 ac0554a00195cdb7de0b56500beef6c36ac02bb244ade7a79024f562ec4cf418 4563554 jenkins_1.480.2+dfsg.orig.tar.gz
 60c07aec907caaa5bf29aca0f1dc423610f0e344a6a83d9b976d02544751c4ae 46490 jenkins_1.480.2+dfsg-1~exp1.debian.tar.gz
 9051e9440e22d22bb93002bada18b6722d37e3a2e8692f54571162dd4c7f6c13 6886032 libjenkins-java_1.480.2+dfsg-1~exp1_all.deb
 b9459171af4aba12075eae552ba01938cb1a6eb33c1e3f3f6ff094a33b2e806c 15768 libjenkins-plugin-parent-java_1.480.2+dfsg-1~exp1_all.deb
 4ca0ab861e62d77b40ef5519d23b220fc867d981f1bcc3621987d881139b1fdd 33533788 jenkins-common_1.480.2+dfsg-1~exp1_all.deb
 ac6c3be0ac3b13f722d0ec36b10ec35d811bad5f3b2fb5ad282d0999b63fa15f 19620 jenkins_1.480.2+dfsg-1~exp1_all.deb
 cf4edfc6ed40292bbcaa9275081e378c1cd236dc223b77323f3cbc7a395b3c86 18718 jenkins-slave_1.480.2+dfsg-1~exp1_all.deb
 c768cd1039673ffe7f19c47a710e2f8237a0d790efb382f4b02d3f57f33ab5e4 6850002 jenkins-external-job-monitor_1.480.2+dfsg-1~exp1_all.deb
 9cb7e1f3345daaa2fb2a7cef44fc2761893084773b22b1f21895be07ff161f84 689022 jenkins-cli_1.480.2+dfsg-1~exp1_all.deb
 a8d401eb7e065c2ab4c37b9345eed9ac85c393e65627267caa356a479e12b9a8 15804 jenkins-tomcat_1.480.2+dfsg-1~exp1_all.deb
Files: 
 87f3722989adb64e4945c6992ce4f60f 4523 java optional jenkins_1.480.2+dfsg-1~exp1.dsc
 4c307bf3c7d1b4237e70ae65a895e5fd 4563554 java optional jenkins_1.480.2+dfsg.orig.tar.gz
 4096f2c1c26755a84ea46a3f4764fd06 46490 java optional jenkins_1.480.2+dfsg-1~exp1.debian.tar.gz
 a7a838c6a61fd3cfacbe8fd7599b9d92 6886032 java optional libjenkins-java_1.480.2+dfsg-1~exp1_all.deb
 7bbc5d9fbca6dc1af1629a66a29c5e0b 15768 java optional libjenkins-plugin-parent-java_1.480.2+dfsg-1~exp1_all.deb
 d9856658d4d1fd44e2bb75198feadc7b 33533788 java optional jenkins-common_1.480.2+dfsg-1~exp1_all.deb
 d6f4e47c82c611532df941a35e8e273b 19620 java optional jenkins_1.480.2+dfsg-1~exp1_all.deb
 08e249b1a66212a731b0f850bb7a559b 18718 java optional jenkins-slave_1.480.2+dfsg-1~exp1_all.deb
 98a38dad56321f9e2be7fc889ce18a7d 6850002 java optional jenkins-external-job-monitor_1.480.2+dfsg-1~exp1_all.deb
 0ae5f52365e4b10134358c02ddd013ce 689022 java optional jenkins-cli_1.480.2+dfsg-1~exp1_all.deb
 84287f3b64f4b08a6f3275498af2259e 15804 java optional jenkins-tomcat_1.480.2+dfsg-1~exp1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBCAAGBQJQ7pmAAAoJEL/srsug59jDOK4P/A1ifynmHaO+iMBYqCaZVYPl
Zrj6Fsw7Y1ObohERQBn6YX+alENbZ2Zke045JEhozLsundFh47YpM4s16kiQ4u4O
4L8ZZQ6D/+FZ2I/8yKhjbWPYduVLAMjCCapFycC87tPbsTQbJRXtuo7CzfdD5fVA
4Ggrlqg+ihBnEDng50H2isysog7RKICkKjEFrJy7dQYJOlJ7LBe+8/29XmoJ8zpd
SrJTvm2Sva8+n4GpdiQ/L0x4Bx6G2pBI5/Xsq2slaNbhT+ul3V239ZOkux2snGav
3u5wzGiwbo0rtvjkkczQ8MtUHOKQ65RjFghij5GvXuEnYGKkKD8m/QSQqzWKXVV7
HRV/uxUHrl6Q99tiq1qNESseAwy77Ok434wRmVukZMtVjbkjVew8zAj4g9vk1Uan
KhMM+1A90pq+N0Z42hcjB8yHfM/gIhXT7M8/uubIhPw7XgtiOJbO3doxqcqL8nyG
8qwuEKtCxLyoDjXe1zffTRnBy5M/ujs5AxjGURJpv0NcNIN4f+fl1buKmpOpIUSo
w6TvIVum66uLouy7on8ZdQMr9ZSqvQ4LY94NhCbmnt+Oi4W0mA0CJMQEN3iDNa+w
/OZSl8O3DN0flOX2AV7LIs/luVLN40Y2x9uY6wl9kQ+gMBikdwTKH1QRiscNuddG
n4yJVYwyyivgu/4Sp/RH
=T+01
-----END PGP SIGNATURE-----




Information forwarded to debian-bugs-dist@lists.debian.org, Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>:
Bug#696816; Package jenkins. (Fri, 25 Jan 2013 15:36:03 GMT)


Acknowledgement sent to Steven McDonald <steven@steven-mcdonald.id.au>:
Extra info received and forwarded to list. Copy sent to Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>. (Fri, 25 Jan 2013 15:36:03 GMT)


Message #27 received at 696816@bugs.debian.org:

From: Steven McDonald <steven@steven-mcdonald.id.au>
To: 696816@bugs.debian.org
Subject: Re: Bug#696816: jenkins: Security issues were found in Jenkins core
Date: Sat, 26 Jan 2013 02:18:55 +1100
[Message part 1 (text/plain, inline)]
Hi there,

The issue was raised on debian-devel[0] that this bug still affects
unstable and is causing jenkins to be a candidate for removal from
wheezy. I have backported the fixes for these issues from upstream git;
they are attached to this e-mail as separate quilt patches for the sake
of cleanliness.

I have also uploaded a source NMU package[1] to mentors.debian.net,
which I intend to seek sponsorship for if I don't get a reply to this
bug report within 72 hours (as the deadline given by the Release Team
for removal from testing is 31st January).

Please let me know if you need anything further from me.

Thanks,
Steven.

[0] Thread "Candidates for removal from testing (2013-01-24)", which
doesn't seem to be in the web archives yet.

[1] http://mentors.debian.net/package/jenkins
[CVE-2012-6073.patch (text/x-patch, attachment)]
[CVE-2012-6074.patch (text/x-patch, attachment)]
[signature.asc (application/pgp-signature, attachment)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>:
Bug#696816; Package jenkins. (Sat, 26 Jan 2013 11:15:05 GMT)


Acknowledgement sent to Holger Levsen <holger@layer-acht.org>:
Extra info received and forwarded to list. Copy sent to Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>. (Sat, 26 Jan 2013 11:15:05 GMT)


Message #32 received at 696816@bugs.debian.org:

From: Holger Levsen <holger@layer-acht.org>
To: 696816@bugs.debian.org
Cc: Steven McDonald <steven@steven-mcdonald.id.au>
Subject: patches look good, comments not :)
Date: Sat, 26 Jan 2013 12:10:19 +0100
[Message part 1 (text/plain, inline)]
Hi,

I've reviewed http://mentors.debian.net/debian/pool/main/j/jenkins/jenkins_1.447.2+dfsg-2.1.dsc and compared it to the actual commits in jenkins git
and found that the patches were the right ones, but the comments were wrong, referring to the other one:

$ git show 1d48e7bf8254349a19328d56bd8006635a95866d > ../CVE-2012-6074
$ git show ab0ac1ac499f734892c2203edc508a6dbf5fa42d > ../CVE-2012-6073

$ dpkg-source -x jenkins_1.447.2+dfsg-2.1.dsc 
$ diff ../CVE-2012-6074 jenkins-1.447.2+dfsg/debian/patches/security/CVE-2012-6073.patch |grep commit
< commit 1d48e7bf8254349a19328d56bd8006635a95866d
> Origin: Upstream, commit ab0ac1ac499f734892c2203edc508a6dbf5fa42d
$ diff ../CVE-2012-6073 jenkins-1.447.2+dfsg/debian/patches/security/CVE-2012-6074.patch |grep commit
< commit ab0ac1ac499f734892c2203edc508a6dbf5fa42d
> Origin: Upstream, commit 1d48e7bf8254349a19328d56bd8006635a95866d

James, do you plan to upload this (after fixing the patch comments)? Else I'd be happy to NMU...


cheers,
	Holger
[Message part 2 (text/html, inline)]
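Holger's check above (dump each upstream commit with `git show`, unpack the source package, diff each quilt patch against the commit it claims) can be mechanised. The Python below is an illustration added to this page, not Debian or Jenkins tooling: it reads the DEP-3 `Origin:` header of each patch and the `commit` line of each `git show` dump, matches patches to commits by their hunks rather than by what the header says, and flags any header that names a different commit than the one the hunks came from. The commit hashes, diff contents and patch texts are constructed for the example; only the patch file names and the bug URL are taken from this page.

```python
from __future__ import annotations

import re

COMMIT_RE = re.compile(r"^commit ([0-9a-f]{7,40})\s*$", re.M)
ORIGIN_RE = re.compile(r"^Origin:.*?\b([0-9a-f]{7,40})\b", re.M)


def diff_body(text: str) -> str:
    """Everything from the first 'diff --git' line on, whitespace-trimmed.
    Both `git show` output and a quilt patch carry the hunks in this form, so
    it is the part worth comparing; the headers above it are only claims."""
    idx = text.find("diff --git")
    return text[idx:].strip() if idx >= 0 else ""


def upstream_commit(show_output: str) -> str:
    """The hash on the 'commit <sha>' line that `git show` prints first."""
    m = COMMIT_RE.search(show_output)
    if m is None:
        raise ValueError("no 'commit <sha>' line found")
    return m.group(1)


def claimed_origin(patch: str) -> str | None:
    """The hash named in the DEP-3 'Origin:' header, if there is one."""
    m = ORIGIN_RE.search(patch)
    return m.group(1) if m else None


def check_patch_origins(patches: dict[str, str], upstream: list[str]) -> dict[str, dict]:
    """Map every Debian patch to the upstream commit whose hunks it actually
    carries and compare that with the commit its Origin: header claims.
    Abbreviated hashes in Origin: are accepted as prefixes of the full one."""
    body_to_commit = {diff_body(s): upstream_commit(s) for s in upstream}
    report: dict[str, dict] = {}
    for name, patch in patches.items():
        actual = body_to_commit.get(diff_body(patch))
        claimed = claimed_origin(patch)
        ok = actual is not None and claimed is not None and actual.startswith(claimed)
        report[name] = {"claimed": claimed, "actual": actual, "ok": ok}
    return report


# --- Constructed sample data: hashes, diffs and patch texts are placeholders,
# --- not the real Jenkins commits or the real Debian patches.
HASH_A = "a" * 40
HASH_B = "b" * 40


def _git_show(sha: str, subject: str, path: str) -> str:
    return (
        f"commit {sha}\n"
        "Author: Example Dev <dev@example.invalid>\n"
        "Date:   Tue Jan 1 00:00:00 2013 +0000\n\n"
        f"    {subject}\n\n"
        f"diff --git a/{path} b/{path}\n--- a/{path}\n+++ b/{path}\n"
        "@@ -1 +1 @@\n"
        f"-// before ({subject})\n+// after ({subject})\n"
    )


UPSTREAM_A = _git_show(HASH_A, "constructed fix A", "core/A.java")
UPSTREAM_B = _git_show(HASH_B, "constructed fix B", "core/B.jelly")


def _quilt_patch(description: str, origin_sha: str, body_from: str) -> str:
    return (
        f"Description: {description}\n"
        f"Origin: Upstream, commit {origin_sha}\n"
        "Bug-Debian: http://bugs.debian.org/696816\n\n"
        + diff_body(body_from) + "\n"
    )


# The swap Holger's check surfaced: each patch carries the right hunks but its
# Origin: header names the other commit.
SWAPPED = {
    "CVE-2012-6073.patch": _quilt_patch("open redirect fix", HASH_B, UPSTREAM_A),
    "CVE-2012-6074.patch": _quilt_patch("XSS fix", HASH_A, UPSTREAM_B),
}
CORRECTED = {
    "CVE-2012-6073.patch": _quilt_patch("open redirect fix", HASH_A, UPSTREAM_A),
    "CVE-2012-6074.patch": _quilt_patch("XSS fix", HASH_B[:12], UPSTREAM_B),
}

if __name__ == "__main__":
    for label, patches in (("swapped", SWAPPED), ("corrected", CORRECTED)):
        for name, r in check_patch_origins(patches, [UPSTREAM_A, UPSTREAM_B]).items():
            print(f"{label:9} {name}: claimed={r['claimed'][:8]} actual={r['actual'][:8]} ok={r['ok']}")
```

Against real data the constructed strings are replaced by the files produced by `git show <sha> > ../<name>` and by `dpkg-source -x` of the .dsc. The comparison is on hunks only, so a backport that had to be adapted to the older tree will not byte-match its upstream commit; in that case `actual` is None and the patch needs the manual diff Holger did rather than an automatic verdict.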

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>:
Bug#696816; Package jenkins. (Sat, 26 Jan 2013 16:06:05 GMT)


Acknowledgement sent to Steven McDonald <steven@steven-mcdonald.id.au>:
Extra info received and forwarded to list. Copy sent to Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>. (Sat, 26 Jan 2013 16:06:06 GMT)


Message #37 received at 696816@bugs.debian.org:

From: Steven McDonald <steven@steven-mcdonald.id.au>
To: 696816@bugs.debian.org, Holger Levsen <holger@layer-acht.org>
Subject: Re: patches look good, comments not :)
Date: Sun, 27 Jan 2013 03:01:18 +1100
[Message part 1 (text/plain, inline)]
Hi Holger,

Thanks for that! Seems you're right about the wrong comments, don't
know how I messed that up. :(

I've uploaded a fixed package to mentors.debian.net (didn't bump the
version number, since it hasn't reached Debian yet), which should
appear shortly once it's been processed:

  http://mentors.debian.net/package/jenkins

Thanks again,
Steven.
[signature.asc (application/pgp-signature, attachment)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>:
Bug#696816; Package jenkins. (Tue, 29 Jan 2013 12:12:03 GMT)


Acknowledgement sent to James Page <james.page@ubuntu.com>:
Extra info received and forwarded to list. Copy sent to Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>. (Tue, 29 Jan 2013 12:12:03 GMT)


Message #42 received at 696816@bugs.debian.org:

From: James Page <james.page@ubuntu.com>
To: Steven McDonald <steven@steven-mcdonald.id.au>, 696816@bugs.debian.org
Subject: Re: Bug#696816: jenkins: Security issues were found in Jenkins core
Date: Tue, 29 Jan 2013 12:10:07 +0000

Hi Steve

On 25/01/13 15:18, Steven McDonald wrote:
> The issue was raised on debian-devel[0] that this bug still
> affects unstable and is causing jenkins to be a candidate for
> removal from wheezy. I have backported the fixes for these issues
> from upstream git; they are attached to this e-mail as separate
> quilt patches for the sake of cleanliness.

Thanks for the patches.

> I have also uploaded a source NMU package[1] to
> mentors.debian.net, which I intend to seek sponsorship for if I
> don't get a reply to this bug report within 72 hours (as the
> deadline given by the Release Team for removal from testing is 31st
> January).

I'll get a new version uploaded to unstable today; note that jenkins
is also affected by another security vulnerability (see [0]) for which I
am currently waiting on upstream for a backported fix (it's big).

Thanks

James

[0] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697617

-- 
James Page
Ubuntu Core Developer
Debian Maintainer
james.page@ubuntu.com



Reply sent to James Page <james.page@ubuntu.com>:
You have taken responsibility. (Tue, 29 Jan 2013 13:36:03 GMT)


Notification sent to Nobuhiro Ban <ban.nobuhiro@gmail.com>:
Bug acknowledged by developer. (Tue, 29 Jan 2013 13:36:03 GMT)


Message #47 received at 696816-close@bugs.debian.org:

From: James Page <james.page@ubuntu.com>
To: 696816-close@bugs.debian.org
Subject: Bug#696816: fixed in jenkins 1.447.2+dfsg-3
Date: Tue, 29 Jan 2013 13:32:46 +0000
Source: jenkins
Source-Version: 1.447.2+dfsg-3

We believe that the bug you reported is fixed in the latest version of
jenkins, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 696816@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
James Page <james.page@ubuntu.com> (supplier of updated jenkins package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)



Format: 1.8
Date: Tue, 29 Jan 2013 12:24:30 +0000
Source: jenkins
Binary: libjenkins-java libjenkins-plugin-parent-java jenkins-common jenkins jenkins-slave jenkins-external-job-monitor jenkins-cli jenkins-tomcat
Architecture: source all
Version: 1.447.2+dfsg-3
Distribution: unstable
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: James Page <james.page@ubuntu.com>
Description: 
 jenkins    - Continuous Integration and Job Scheduling Server
 jenkins-cli - Jenkins CI Command Line Interface
 jenkins-common - Jenkins common Java components and web application
 jenkins-external-job-monitor - Jenkins CI external job monitoring
 jenkins-slave - Jenkins slave node helper
 jenkins-tomcat - Jenkins CI on Tomcat 6
 libjenkins-java - Jenkins CI core Java libraries
 libjenkins-plugin-parent-java - Jenkins Plugin Parent Maven POM
Closes: 696816
Changes: 
 jenkins (1.447.2+dfsg-3) unstable; urgency=high
 .
   [ Steven McDonald ]
   * Fix multiple security issues in Jenkins core (Closes: #696816):
     - d/p/security/CVE-2012-6073.patch: Cherry-picked a fix from 1.480.1
       release to resolve an open redirect vulnerability.
     - d/p/security/CVE-2012-6074.patch: Cherry-picked a fix from 1.480.1
       release to resolve a cross-site scripting vulnerability.
     - Fixes: CVE-2012-6073, CVE-2012-6074
 .
   [ James Page ]
   * Ensure jenkins-winstone with fix for CVE-2012-6072 is picked up
     during build (Closes: #696816):
     - d/control: Version jenkins-winstone BD (>= 0.9.10-jenkins-37+dfsg-2~)
     - Fixes: CVE-2012-6072
Checksums-Sha1: 
 7580f6052d0b1de8c042187493c7beec46dcfb12 4475 jenkins_1.447.2+dfsg-3.dsc
 0b0f0ce70e0fddf7372cb2f2d80cefeb0a9d6af7 54469 jenkins_1.447.2+dfsg-3.debian.tar.gz
 908211191a44e6a14ea917fd6a3254caa5a71bae 6658952 libjenkins-java_1.447.2+dfsg-3_all.deb
 3a974e6e2d3b67f2115d0d49390eaddd06108353 14900 libjenkins-plugin-parent-java_1.447.2+dfsg-3_all.deb
 37061a2475eb0f1022a867675d2653b5658db426 33063274 jenkins-common_1.447.2+dfsg-3_all.deb
 d5245dcbbdc9cfb803cd0bca3cf8ce429a54fcb8 19020 jenkins_1.447.2+dfsg-3_all.deb
 749c52c3ac1b8d622c51507d001061ace186defa 18074 jenkins-slave_1.447.2+dfsg-3_all.deb
 413ec38b0e056dae3556ebced99bef678e8edfb1 6626398 jenkins-external-job-monitor_1.447.2+dfsg-3_all.deb
 7b1d8e91a2f88beeffb4ffed12093219d4d50ac7 667240 jenkins-cli_1.447.2+dfsg-3_all.deb
 bb00384db5e82f81f192cee6d5f3f444b931b7a2 15170 jenkins-tomcat_1.447.2+dfsg-3_all.deb
Checksums-Sha256: 
 6ddb43b9296862b9996c31aae806da0e2632b0b9125609bd51d27d5535c163a5 4475 jenkins_1.447.2+dfsg-3.dsc
 e6ce4634ea28fd27d6192149c70658a41e56b23d892c9c470b006dfe4941fca9 54469 jenkins_1.447.2+dfsg-3.debian.tar.gz
 4f91500090aff13f7fb4530e91ccdb608d3eee8521f7c76e94172747615cdb64 6658952 libjenkins-java_1.447.2+dfsg-3_all.deb
 25e9aa9111f7e5d0515410119d8dfa78cdc54ad32a1854ea7f02c41be819c15b 14900 libjenkins-plugin-parent-java_1.447.2+dfsg-3_all.deb
 ef124c9521e11d428466ecdb032b00c0f91c3313b823ed8d39f4510ca6c1b616 33063274 jenkins-common_1.447.2+dfsg-3_all.deb
 8a04a3558a6c9f1a0cd7fe1c745f18a7bf1d98f4e4da9fe727ca72808965b92c 19020 jenkins_1.447.2+dfsg-3_all.deb
 614c585ee5cbbcb3a2364a6c19617032de2a12748cac355120bb34a094694fdd 18074 jenkins-slave_1.447.2+dfsg-3_all.deb
 945de4b3f3c2e1258672a97420ec02eb16e9de0607b33e629510f6282a61e16b 6626398 jenkins-external-job-monitor_1.447.2+dfsg-3_all.deb
 ee97e8668a019ed5831693c8982ee164896a07e61cdb8b1b0fd2441b53abf5d4 667240 jenkins-cli_1.447.2+dfsg-3_all.deb
 2f38e96b5f0311ae0e682e6be99a6476c1c87e4739c966760c87bce91af9e687 15170 jenkins-tomcat_1.447.2+dfsg-3_all.deb
Files: 
 3aa1bcba2223e14f0e18b25540a24915 4475 java optional jenkins_1.447.2+dfsg-3.dsc
 91b755829bd3bba318fd4e1ae4aad8e6 54469 java optional jenkins_1.447.2+dfsg-3.debian.tar.gz
 24fe7eab2afe044ff6b730625ae902ca 6658952 java optional libjenkins-java_1.447.2+dfsg-3_all.deb
 84184f43487b3ff97f3faa1b58bff3f4 14900 java optional libjenkins-plugin-parent-java_1.447.2+dfsg-3_all.deb
 7cfab88e41805f0c990e8be8388724c3 33063274 java optional jenkins-common_1.447.2+dfsg-3_all.deb
 23fc82bfab611810ef92bcd4fe61aea8 19020 java optional jenkins_1.447.2+dfsg-3_all.deb
 dee141778396d855688962a5a57f395a 18074 java optional jenkins-slave_1.447.2+dfsg-3_all.deb
 b4cc7f614c013a88a6087c82be120cef 6626398 java optional jenkins-external-job-monitor_1.447.2+dfsg-3_all.deb
 41eeaee296a5f3709737d3f97115f62c 667240 java optional jenkins-cli_1.447.2+dfsg-3_all.deb
 b7658fc8d8cff31471c3806678183345 15170 java optional jenkins-tomcat_1.447.2+dfsg-3_all.deb





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Fri, 01 Mar 2013 07:26:14 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 18:58:04 2019; Machine Name: buxtehude

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.