oss-sec mailing list archives

Re: Security advisory in Jenkins

From: Solar Designer <solar () openwall com>
Date: Thu, 2 Oct 2014 06:20:52 +0400

On Thu, Oct 02, 2014 at 06:11:27AM +0400, Solar Designer wrote:

Many of these issues were brought to the distros list on Fri Sep 26
17:10:16 2014 UTC, and got their CVE IDs assigned there.  However,
CVE-2013-2186 was not among those.  I don't know why the old CVE ID,
nor how that issue was handled.


Looks like it was already public in 2013:

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2186
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2186

(and in many other places).  I guess it was just not mentioned in an
upstream advisory before, hence the mention now?

Alexander

Current thread:

Security advisory in Jenkins Kohsuke Kawaguchi (Oct 01)
- Re: Security advisory in Jenkins Solar Designer (Oct 01)
- Re: Security advisory in Jenkins Bryan Drewery (Oct 01)
  - Re: Security advisory in Jenkins Solar Designer (Oct 01)
    - Re: Security advisory in Jenkins Solar Designer (Oct 01)
    - Re: Security advisory in Jenkins Kohsuke Kawaguchi (Oct 03)
    - Re: Security advisory in Jenkins Luca Carettoni (Oct 03)
    - Re: Security advisory in Jenkins Bryan Drewery (Oct 07)
    - Re: Security advisory in Jenkins Kohsuke Kawaguchi (Oct 07)
- Re: Security advisory in Jenkins Kohsuke Kawaguchi (Oct 06)
  - Re: Re: Security advisory in Jenkins Reed Loden (Oct 06)
    - Re: Re: Security advisory in Jenkins Kurt Seifried (Oct 06)