Upstream has issued an advisory today (February 1): https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2017-02-01 The issues are fixed upstream in 2.32.2. Our Jenkins version is from last June, and it looks like they've moved on to a new LTS branch.
CC: (none) => geiger.david68210; Whiteboard: (none) => MGA5TOO
Fedora has addressed CVE-2016-9299 today (March 5) in jenkins and jenkins-remoting: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/ZE7XYOLIPAJFIIPWZPAVZYEAOAT6LHIJ/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/XKRLBXFPKTEBV4JI66GC2KQDE3TLZMYR/
Upstream has issued an advisory on April 26: https://jenkins.io/security/advisory/2017-04-26/ The issues are fixed in 2.46.2.
CVE-2016-9299 is now fixed in cauldron. I will see about the new LTS soon (after fixing jetty).
Status: NEW => RESOLVED; CVE: (none) => CVE-2016-9299; Resolution: (none) => FIXED; Whiteboard: MGA5TOO => (none)
Nothing has been done to the jenkins package in Cauldron in 6 months. This bug was marked as Mageia 5 too because jenkins-remoting is in Mageia 5 and is one of the affected ones.
Status: RESOLVED => REOPENED; Resolution: FIXED => (none); Whiteboard: (none) => MGA5TOO
Not sure if jenkins-remoting in Mageia 6 is affected by an issue in Comment 2, but I'll mark this as OK for Mageia 6 for now. jenkins-remoting in Mageia 5 still needs to be addressed, at least for Comment 1.
Whiteboard: MGA5TOO => (none); Version: Cauldron => 5
Upstream has issued an advisory today (October 11): https://jenkins.io/security/advisory/2017-10-11/ The issues are fixed in 2.73.2.
Upstream has issued an advisory on November 8: https://jenkins.io/security/advisory/2017-11-08/ The issues are fixed in 2.73.3.
Upstream has issued an advisory today (December 14): https://jenkins.io/security/advisory/2017-12-14/ The issues are fixed in 2.89.2.
This package is unsupportable.
Resolution: (none) => OLD; Status: REOPENED => RESOLVED