Jenkins has issued an advisory on April 11:
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-04-11

According to this RedHat bug, it may affect jenkins-remoting, owasp-java-html-sanitizer, and tiger-types in Mageia 5:
https://bugzilla.redhat.com/show_bug.cgi?id=1326403

Fedora advisories for those packages:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/KSYJXBX5UGIKZXAPMLSANUC76ANDH7DR/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/ZYYKALUJH7IZHFDEC3QANIX3RLUT2EKV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/POSZHNPL7GYBIDPZECG6DYV7UKDSAJI4/

They just updated them to 2.57, 20160422.1, and 2.2, respectively. We already have these versions in Cauldron.
CC: (none) => geiger.david68210
According to these full commits: https://github.com/jenkinsci/remoting/commits/2.59.x , I didn't find any reference to SECURITY-258 / CVE-2016-3102.
We won't be fixing these kinds of packages for Mageia 5. It would be nice if we could drop them from Cauldron, as they're not really supportable.
Resolution: (none) => OLD
Status: NEW => RESOLVED