2012-01-11 08:11:26 |
James Page |
bug |
|
|
added bug |
2012-01-11 08:12:02 |
James Page |
bug task added |
|
jenkins-executable-war (Ubuntu) |
|
2012-01-11 08:12:20 |
James Page |
bug task added |
|
jenkins-winstone (Ubuntu) |
|
2012-01-11 08:12:52 |
James Page |
description |
Jenkins running standalone (as it does in the Ubuntu packaging) is vulnerable to the Hash DoS attack as detailed here:
http://www.ocert.org/advisories/ocert-2011-003.html
Full details of the Jenkins vulnerability:
http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-01-10.cb
I believe this will require updates to jenkins-executable-war (1.25) and jenkins-winstone (0.9.10-jenkins-31): |
Jenkins running standalone (as it does in the Ubuntu packaging) is vulnerable to the Hash DoS attack as detailed here:
http://www.ocert.org/advisories/ocert-2011-003.html
Full details of the Jenkins vulnerability:
http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-01-10.cb
I believe this will require updates to jenkins-executable-war (1.25) and jenkins-winstone (0.9.10-jenkins-31). |
|
2012-01-11 08:16:03 |
James Page |
nominated for series |
|
Ubuntu Oneiric |
|
2012-01-11 08:16:03 |
James Page |
bug task added |
|
jenkins (Ubuntu Oneiric) |
|
2012-01-11 08:16:03 |
James Page |
bug task added |
|
jenkins-executable-war (Ubuntu Oneiric) |
|
2012-01-11 08:16:03 |
James Page |
bug task added |
|
jenkins-winstone (Ubuntu Oneiric) |
|
2012-01-11 08:16:03 |
James Page |
nominated for series |
|
Ubuntu Precise |
|
2012-01-11 08:16:03 |
James Page |
bug task added |
|
jenkins (Ubuntu Precise) |
|
2012-01-11 08:16:03 |
James Page |
bug task added |
|
jenkins-executable-war (Ubuntu Precise) |
|
2012-01-11 08:16:03 |
James Page |
bug task added |
|
jenkins-winstone (Ubuntu Precise) |
|
2012-01-13 12:00:25 |
Launchpad Janitor |
jenkins-executable-war (Ubuntu Precise): status |
New |
Fix Released |
|
2012-01-13 12:05:12 |
Launchpad Janitor |
jenkins-winstone (Ubuntu Precise): status |
New |
Fix Released |
|
2012-01-13 12:48:22 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/jenkins-executable-war |
|
2012-01-13 12:48:32 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/jenkins-winstone |
|
2012-01-15 03:29:26 |
Launchpad Janitor |
branch linked |
|
lp:debian/jenkins-winstone |
|
2012-01-15 03:33:22 |
Launchpad Janitor |
branch linked |
|
lp:debian/jenkins-executable-war |
|
2012-01-18 12:30:31 |
James Page |
jenkins (Ubuntu Precise): status |
New |
Fix Released |
|
2012-01-27 15:54:50 |
James Page |
jenkins (Ubuntu Oneiric): assignee |
|
James Page (james-page) |
|
2012-01-27 15:54:53 |
James Page |
jenkins (Ubuntu Oneiric): importance |
Undecided |
Medium |
|
2012-01-27 15:54:56 |
James Page |
jenkins (Ubuntu Oneiric): status |
New |
In Progress |
|
2012-01-27 15:54:59 |
James Page |
jenkins-executable-war (Ubuntu Oneiric): status |
New |
In Progress |
|
2012-01-27 15:55:01 |
James Page |
jenkins-winstone (Ubuntu Oneiric): status |
New |
In Progress |
|
2012-01-27 15:55:06 |
James Page |
jenkins-winstone (Ubuntu Oneiric): assignee |
|
James Page (james-page) |
|
2012-01-27 15:55:10 |
James Page |
jenkins-executable-war (Ubuntu Oneiric): assignee |
|
James Page (james-page) |
|
2012-01-27 15:55:15 |
James Page |
visibility |
private |
public |
|
2012-01-27 15:55:24 |
James Page |
jenkins-executable-war (Ubuntu Oneiric): importance |
Undecided |
Medium |
|
2012-01-27 15:55:27 |
James Page |
jenkins-winstone (Ubuntu Oneiric): importance |
Undecided |
Medium |
|
2012-01-27 16:01:46 |
James Page |
attachment added |
|
jenkins-winstone.debdiff https://bugs.launchpad.net/ubuntu/+source/jenkins/+bug/914628/+attachment/2696671/+files/jenkins-winstone.debdiff |
|
2012-01-27 16:10:37 |
James Page |
attachment added |
|
jenkins-executable-war.debdiff https://bugs.launchpad.net/ubuntu/+source/jenkins/+bug/914628/+attachment/2696681/+files/jenkins-executable-war.debdiff |
|
2012-01-27 16:26:15 |
James Page |
attachment added |
|
jenkins.debdiff https://bugs.launchpad.net/ubuntu/+source/jenkins/+bug/914628/+attachment/2696717/+files/jenkins.debdiff |
|
2012-01-27 16:29:12 |
James Page |
bug |
|
|
added subscriber Ubuntu Security Sponsors Team |
2012-01-27 19:50:42 |
Steve Beattie |
jenkins (Ubuntu Oneiric): assignee |
James Page (james-page) |
Steve Beattie (sbeattie) |
|
2012-01-27 19:50:46 |
Steve Beattie |
jenkins-executable-war (Ubuntu Oneiric): assignee |
James Page (james-page) |
Steve Beattie (sbeattie) |
|
2012-01-27 19:50:50 |
Steve Beattie |
jenkins-winstone (Ubuntu Oneiric): assignee |
James Page (james-page) |
Steve Beattie (sbeattie) |
|
2012-01-27 20:06:07 |
Bryce Harrington |
description |
Jenkins running standalone (as it does in the Ubuntu packaging) is vulnerable to the Hash DoS attack as detailed here:
http://www.ocert.org/advisories/ocert-2011-003.html
Full details of the Jenkins vulnerability:
http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-01-10.cb
I believe this will require updates to jenkins-executable-war (1.25) and jenkins-winstone (0.9.10-jenkins-31). |
[Impact]
<fill me in with explanation of severity and frequency of bug on users and justification for backporting the fix to the stable release>
[Development Fix]
<fill me in with an explanation of how the bug has been addressed in the development branch, including the relevant version numbers of packages modified in order to implement the fix.>
[Stable Fix]
<fill me in by pointing out a minimal patch applicable to the stable version of the package.>
[Test Case]
<fill me in with detailed *instructions* on how to reproduce the bug. This will be used by people later on to verify the updated package fixes the problem.>
1.
2.
3.
Broken Behavior:
Fixed Behavior:
[Regression Potential]
<fill me in with a discussion of likelihood and potential severity of regressions and how users could get inadvertently affected.>
[Original Report]
Jenkins running standalone (as it does in the Ubuntu packaging) is vulnerable to the Hash DoS attack as detailed here:
http://www.ocert.org/advisories/ocert-2011-003.html
Full details of the Jenkins vulnerability:
http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-01-10.cb
I believe this will require updates to jenkins-executable-war (1.25) and jenkins-winstone (0.9.10-jenkins-31). |
|
2012-01-30 08:03:51 |
Launchpad Janitor |
jenkins (Ubuntu Oneiric): status |
In Progress |
Fix Released |
|
2012-01-30 08:03:51 |
Launchpad Janitor |
jenkins-executable-war (Ubuntu Oneiric): status |
In Progress |
Fix Released |
|
2012-01-30 08:03:51 |
Launchpad Janitor |
jenkins-winstone (Ubuntu Oneiric): status |
In Progress |
Fix Released |
|
2012-01-30 08:09:22 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/oneiric-security/jenkins-executable-war |
|
2012-01-30 08:09:25 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/oneiric-security/jenkins-winstone |
|
2012-01-30 08:10:30 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/oneiric-security/jenkins |
|