Date: Wed, 01 Oct 2014 20:36:59 -0500
From: Bryan Drewery <bdrewery@...eBSD.org>
To: oss-security@...ts.openwall.com
Subject: Re: Security advisory in Jenkins

On 10/1/2014 6:25 PM, Kohsuke Kawaguchi wrote:
> Hello,
> 
> I just wanted to share that the Jenkins project issued a security advisory
> today. These issues are independently found and we've aggregated them into a
> single release.
> 
> The relevant CVE IDs and our bug tracking IDs are available here
> <https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01>
> .
> 
> The new versions can be downloaded from here
> <http://mirrors.jenkins-ci.org/>.
> 
> (This is the first time I do this, so my apologies in advance for probably
> failing to follow the expected format.)
> 

Kudos to all for finding and fixing these issues. It was quite a
surprising list though. Were these fixes kept from release for an
extended time? The timeframe for CVE-2013-2186 is especially concerning.

-- 
Regards,
Bryan Drewery


