oss-sec mailing list archives

Re: Security advisory in Jenkins


From: Bryan Drewery <bdrewery () FreeBSD org>
Date: Wed, 01 Oct 2014 20:36:59 -0500

On 10/1/2014 6:25 PM, Kohsuke Kawaguchi wrote:
> Hello,
>
> I just wanted to share that the Jenkins project issued a security advisory
> today. These issues were independently found and we've aggregated them into a
> single release.
>
> The relevant CVE IDs and our bug tracking IDs are available here
> <https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01>.
>
> The new versions can be downloaded from here
> <http://mirrors.jenkins-ci.org/>.
>
> (This is the first time I've done this, so my apologies in advance for probably
> failing to follow the expected format.)


Kudos to all for finding and fixing these issues. It was quite a
surprising list though. Were these fixes kept from release for an
extended time? The timeframe for CVE-2013-2186 is especially concerning.

-- 
Regards,
Bryan Drewery
