Date: Wed, 01 Oct 2014 20:36:59 -0500
From: Bryan Drewery <bdrewery@...eBSD.org>
To: oss-security@...ts.openwall.com
Subject: Re: Security advisory in Jenkins

On 10/1/2014 6:25 PM, Kohsuke Kawaguchi wrote:
> Hello,
>
> I just wanted to share that the Jenkins project issued a security advisory
> today. These issues are independently found and we've aggregated into a
> single release.
>
> The relevant CVE IDs, our bug tracking IDs are available here
> <https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01>
> .
>
> The new versions can be downloaded from here
> <http://mirrors.jenkins-ci.org/>.
>
> (This is the first time I do this, so my apologies in advance for probably
> failing to follow the expected format.)
>

Kudos to all for finding and fixing these issues. It was quite a
surprising list though. Were these fixes kept from release for an
extended time? The timeframe for CVE-2013-2186 is especially concerning.

--
Regards,
Bryan Drewery