Bug 18446

Summary: jenkins new security issues CVE-2016-372[1-7]
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: Nicolas Lécureuil <mageia>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: major    
Priority: Normal CC: geiger.david68210
Version: Cauldron   
Target Milestone: ---   
Hardware: All   
OS: Linux   
URL: http://lwn.net/Vulnerabilities/688829/
Whiteboard:
Source RPM: jenkins-1.651.1-1.mga6.src.rpm CVE:
Status comment:

Description David Walser 2016-05-12 16:12:01 CEST 
Upstream has issued an advisory on May 11:
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11

The issues are fixed in 1.651.2.  I don't know if any other jenkins-* packages are affected like last time.

As I also pointed out last time, this package is apparently not needed and likely should just be dropped.
David Walser 2016-05-12 16:12:10 CEST

CC: (none) => geiger.david68210

Comment 1 David GEIGER 2016-05-13 15:08:13 CEST 
Done for Cauldron! updated to latest upstream release 1.651.2
Comment 3 David Walser 2016-05-27 18:50:38 CEST 
Fedora has issued an advisory for CVE-2016-372[1-7] on May 26:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/ESNTQRJJFFWVZIL6FDQTTKAXDLWWUADD/

URL: (none) => http://lwn.net/Vulnerabilities/688829/

Comment 4 David Walser 2016-07-22 21:46:00 CEST 
Thanks David!  I believe the original bug here is fixed, and the Comment 2 issue is fixed in Cauldron.  I filed Bug 19028 for the Comment 2 issue in Mageia 5.

Status: NEW => RESOLVED
Resolution: (none) => FIXED