* SECURITY UPDATE: XSS vulnerability in default error pages.
- debian/patches/fix_xss.patch: escape error messages which are supposed
be plain text and not markup in
src/java/winstone/ErrorServlet.java,
src/java/winstone/URIUtil.java,
src/java/winstone/WinstoneResponse.java
- http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2011-11-08.cb
* d/maven.{properties,ignoreRules}: Disabled testing as htmlunit is
currently broken in 11.10.
jenkins-winstone (0.9.10- jenkins- 25+dfsg- 0ubuntu2. 1) oneiric-security; urgency=low
* SECURITY UPDATE: XSS vulnerability in default error pages. patches/ fix_xss. patch: escape error messages which are supposed java/winstone/ ErrorServlet. java, java/winstone/ URIUtil. java, java/winstone/ WinstoneRespons e.java www.cloudbees. com/jenkins- advisory/ jenkins- security- advisory- 2011-11- 08.cb {properties, ignoreRules} : Disabled testing as htmlunit is
- debian/
be plain text and not markup in
src/
src/
src/
- http://
* d/maven.
currently broken in 11.10.