Date: Wed, 01 Oct 2014 20:36:59 -0500
From: Bryan Drewery <bdrewery@...eBSD.org>
To: oss-security@...ts.openwall.com
Subject: Re: Security advisory in Jenkins

On 10/1/2014 6:25 PM, Kohsuke Kawaguchi wrote:
> Hello,
>
> I just wanted to share that the Jenkins project issued a security advisory
> today. These issues are independently found and we've aggregated into a
> single release.
>
> The relevant CVE IDs, our bug tracking IDs are available here
> <https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01>
> .
>
> The new versions can be downloaded from here
> <http://mirrors.jenkins-ci.org/>.
>
> (This is the first time I do this, so my apologies in advance for probably
> failing to follow the expected format.)
>

Kudos to all for finding and fixing these issues. It was quite a
surprising list though. Were these fixes kept from release for an
extended time? The timeframe for CVE-2013-2186 is especially concerning.

--
Regards,
Bryan Drewery

Download attachment "signature.asc" of type "application/pgp-signature" (489 bytes)