Date: Wed, 01 Oct 2014 20:36:59 -0500
From: Bryan Drewery <bdrewery@...eBSD.org>
To: oss-security@...ts.openwall.com
Subject: Re: Security advisory in Jenkins

On 10/1/2014 6:25 PM, Kohsuke Kawaguchi wrote:
> Hello,
> 
> I just wanted to share that the Jenkins project issued a security advisory
> today. These issues were independently found and we've aggregated them into a
> single release.
> 
> The relevant CVE IDs and our bug tracking IDs are available here
> <https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01>
> .
> 
> The new versions can be downloaded from here
> <http://mirrors.jenkins-ci.org/>.
> 
> (This is the first time I do this, so my apologies in advance for probably
> failing to follow the expected format.)
> 

Kudos to all for finding and fixing these issues. It was quite a
surprising list though. Were these fixes kept from release for an
extended time? The timeframe for CVE-2013-2186 is especially concerning.

-- 
Regards,
Bryan Drewery

