oss-sec mailing list archives

CVE request: jenkins


From: Jamie Strandboge <jamie () canonical com>
Date: Wed, 23 Nov 2011 08:37:17 -0600

XSS in jenkins[1]:

"Luca De Fulgentis discovered a cross-site scripting vulnerability in
Jenkins that allows an attacker to embed malicious JavaScript into pages
generated by Jenkins. The attacker does not need a valid user account in
order to exploit this vulnerability."

This is part of the "winstone" servlet container that Jenkins runs in
when running in standalone mode.

Patch:
https://github.com/jenkinsci/winstone/commit/410ed3001d51c689cf59085b7417466caa2ded7b.patch


[1]http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2011-11-08.cb

-- 
Jamie Strandboge             | http://www.canonical.com
