Upstream has issued an advisory on May 11: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11 The issues are fixed in 1.651.2. I don't know if any other jenkins-* packages are affected like last time. As I also pointed out last time, this package is apparently not needed and likely should just be dropped.
CC: (none) => geiger.david68210
Done for Cauldron! Updated to latest upstream release 1.651.2.
Upstream has issued an advisory on April 11 as well:
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-04-11
According to this Red Hat bug, it may affect jenkins-remoting, owasp-java-html-sanitizer, and tiger-types in Mageia 5 as well:
https://bugzilla.redhat.com/show_bug.cgi?id=1326403
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/KSYJXBX5UGIKZXAPMLSANUC76ANDH7DR/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/ZYYKALUJH7IZHFDEC3QANIX3RLUT2EKV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/POSZHNPL7GYBIDPZECG6DYV7UKDSAJI4/
This issue is CVE-2016-3102.
Fedora has issued an advisory for CVE-2016-372[1-7] on May 26: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/ESNTQRJJFFWVZIL6FDQTTKAXDLWWUADD/
URL: (none) => http://lwn.net/Vulnerabilities/688829/
Thanks David! I believe the original bug here is fixed, and the Comment 2 issue is fixed in Cauldron. I filed Bug 19028 for the Comment 2 issue in Mageia 5.
Status: NEW => RESOLVED
Resolution: (none) => FIXED