Format: 1.8
Date: Tue, 29 Jan 2013 12:24:30 +0000
Source: jenkins
Binary: libjenkins-java libjenkins-plugin-parent-java jenkins-common jenkins jenkins-slave jenkins-external-job-monitor jenkins-cli jenkins-tomcat
Architecture: source all
Version: 1.447.2+dfsg-3
Distribution: unstable
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: James Page <james.page@ubuntu.com>
Description:
 jenkins - Continuous Integration and Job Scheduling Server
 jenkins-cli - Jenkins CI Command Line Interface
 jenkins-common - Jenkins common Java components and web application
 jenkins-external-job-monitor - Jenkins CI external job monitoring
 jenkins-slave - Jenkins slave node helper
 jenkins-tomcat - Jenkins CI on Tomcat 6
 libjenkins-java - Jenkins CI core Java libraries
 libjenkins-plugin-parent-java - Jenkins Plugin Parent Maven POM
Closes: 696816
Changes:
 jenkins (1.447.2+dfsg-3) unstable; urgency=high
 .
   [ Steven McDonald ]
   * Fix multiple security issues in Jenkins core (Closes: #696816):
     - d/p/security/CVE-2012-6073.patch: Cherry-picked a fix from 1.480.1 release to resolve an open redirect vulnerability.
     - d/p/security/CVE-2012-6074.patch: Cherry-picked a fix from 1.480.1 release to resolve a cross-site scripting vulnerability.
     - Fixes: CVE-2012-6073, CVE-2012-6074
 .
   [ James Page ]
   * Ensure jenkins-winstone with fix for CVE-2012-6072 is picked up during build (Closes: #696816):
     - d/control: Version jenkins-winstone BD (>= 0.9.10-jenkins-37+dfsg-2~)
     - Fixes: CVE-2012-6072