oss-sec mailing list archives
Re: Security advisory in Jenkins
From: Bryan Drewery <bdrewery () FreeBSD org>
Date: Wed, 01 Oct 2014 20:36:59 -0500
On 10/1/2014 6:25 PM, Kohsuke Kawaguchi wrote:
Hello, I just wanted to share that the Jenkins project issued a security advisory today. These issues are independently found and we've aggregated into a single release. The relevant CVE IDs, our bug tracking IDs are available here <https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01> . The new versions can be downloaded from here <http://mirrors.jenkins-ci.org/>. (This is the first time I do this, so my apologies in advance for probably failing to follow the expected format.)
Kudos to all for finding and fixing these issues. It was quite a surprising list though. Were these fixes kept from release for an extended time? The timeframe for CVE-2013-2186 is especially concerning. -- Regards, Bryan Drewery
Attachment:
signature.asc
Description: OpenPGP digital signature
Current thread:
- Security advisory in Jenkins Kohsuke Kawaguchi (Oct 01)
- Re: Security advisory in Jenkins Solar Designer (Oct 01)
- Re: Security advisory in Jenkins Bryan Drewery (Oct 01)
- Re: Security advisory in Jenkins Solar Designer (Oct 01)
- Re: Security advisory in Jenkins Solar Designer (Oct 01)
- Re: Security advisory in Jenkins Kohsuke Kawaguchi (Oct 03)
- Re: Security advisory in Jenkins Luca Carettoni (Oct 03)
- Re: Security advisory in Jenkins Bryan Drewery (Oct 07)
- Re: Security advisory in Jenkins Kohsuke Kawaguchi (Oct 07)
- Re: Security advisory in Jenkins Solar Designer (Oct 01)
- Re: Re: Security advisory in Jenkins Reed Loden (Oct 06)
- Re: Re: Security advisory in Jenkins Kurt Seifried (Oct 06)