Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 01 Oct 2014 20:36:59 -0500
From: Bryan Drewery <>
Subject: Re: Security advisory in Jenkins

On 10/1/2014 6:25 PM, Kohsuke Kawaguchi wrote:
> Hello,
> I just wanted to share that the Jenkins project issued a security advisory
> today. These issues are independently found and we've aggregated into a
> single release.
> The relevant CVE IDs, our bug tracking IDs are available here
> <>
> .
> The new versions can be downloaded from here
> <>.
> (This is the first time I do this, so my apologies in advance for probably
> failing to follow the expected format.)

Kudos to all for finding and fixing these issues. It was quite a
surprising list though. Were these fixes kept from release for an
extended time? The timeframe for CVE-2013-2186 is especially concerning.

Bryan Drewery

Download attachment "signature.asc" of type "application/pgp-signature" (489 bytes)

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ