diff -Nru jenkins-1.409.1/debian/changelog jenkins-1.409.1/debian/changelog
--- jenkins-1.409.1/debian/changelog	2011-11-23 14:28:41.000000000 +0000
+++ jenkins-1.409.1/debian/changelog	2012-01-27 16:12:55.000000000 +0000
@@ -1,3 +1,13 @@
+jenkins (1.409.1-0ubuntu4.2) oneiric-security; urgency=low
+
+  * SECURITY UPDATE: Hash DoS vulnerability in parameter
+    handling (LP: #914628):
+    - Rebuild to pickup new versions of jenkins-executable-war and 
+      libjenkins-winstone-java with require parameter handling fixes.
+    - http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-01-10.cb
+
+ -- James Page <james.page@ubuntu.com>  Fri, 27 Jan 2012 16:11:59 +0000
+
 jenkins (1.409.1-0ubuntu4.1) oneiric-security; urgency=low
 
   * SECURITY UPDATE: Rebuild to pickup new version of jenkins-winstone
diff -Nru jenkins-1.409.1/debian/control jenkins-1.409.1/debian/control
--- jenkins-1.409.1/debian/control	2011-11-23 14:28:41.000000000 +0000
+++ jenkins-1.409.1/debian/control	2012-01-27 16:13:44.000000000 +0000
@@ -16,7 +16,7 @@
  glassfish-mail,
  groovy,
  jenkins-crypto-util,
- jenkins-executable-war,
+ jenkins-executable-war (>= 1.22-1ubuntu0.1~),
  jenkins-memory-monitor,
  jenkins-task-reactor,
  jenkins-test-annotations,
@@ -47,7 +47,7 @@
  libjenkins-commons-jelly-java,
  libjenkins-commons-jexl-java,
  libjenkins-trilead-ssh2-java,
- libjenkins-winstone-java (>= 0.9.10-jenkins-25+dfsg-0ubuntu2.1~),
+ libjenkins-winstone-java (>= 0.9.10-jenkins-25+dfsg-0ubuntu2.2~),
  libjenkins-xstream-java,
  libjetty-java,
  libjffi-java,