[ubuntu/oneiric-security] jenkins-winstone 0.9.10-jenkins-25+dfsg-0ubuntu2.1 (Accepted)

James Page james.page at ubuntu.com
Wed Nov 23 17:03:23 UTC 2011 

jenkins-winstone (0.9.10-jenkins-25+dfsg-0ubuntu2.1) oneiric-security; urgency=low

  * SECURITY UPDATE: XSS vulnerability in default error pages.
    - debian/patches/fix_xss.patch: escape error messages which are supposed
      be plain text and not markup in
      src/java/winstone/ErrorServlet.java,
      src/java/winstone/URIUtil.java,
      src/java/winstone/WinstoneResponse.java
    - http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2011-11-08.cb
  * d/maven.{properties,ignoreRules}: Disabled testing as htmlunit is
    currently broken in 11.10.

Date: Tue, 22 Nov 2011 12:21:24 +0000
Changed-By: James Page <james.page at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/oneiric/+source/jenkins-winstone/0.9.10-jenkins-25+dfsg-0ubuntu2.1
-------------- next part --------------
Format: 1.8
Date: Tue, 22 Nov 2011 12:21:24 +0000
Source: jenkins-winstone
Binary: libjenkins-winstone-java libjenkins-winstone-java-doc
Architecture: source
Version: 0.9.10-jenkins-25+dfsg-0ubuntu2.1
Distribution: oneiric-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: James Page <james.page at ubuntu.com>
Description: 
 libjenkins-winstone-java - Jenkins branch of Winstone servlet container
 libjenkins-winstone-java-doc - Documentation for libjenkins-winstone-java
Changes: 
 jenkins-winstone (0.9.10-jenkins-25+dfsg-0ubuntu2.1) oneiric-security; urgency=low
 .
   * SECURITY UPDATE: XSS vulnerability in default error pages.
     - debian/patches/fix_xss.patch: escape error messages which are supposed
       be plain text and not markup in
       src/java/winstone/ErrorServlet.java,
       src/java/winstone/URIUtil.java,
       src/java/winstone/WinstoneResponse.java
     - http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2011-11-08.cb
   * d/maven.{properties,ignoreRules}: Disabled testing as htmlunit is
     currently broken in 11.10.
Checksums-Sha1: 
 ce464ac4c890a8fd01849a54de9653a5d90efccd 2226 jenkins-winstone_0.9.10-jenkins-25+dfsg-0ubuntu2.1.dsc
 c8f5abf90fb4a2b005c5405b3aceb29fb6783c1f 69749 jenkins-winstone_0.9.10-jenkins-25+dfsg-0ubuntu2.1.debian.tar.gz
Checksums-Sha256: 
 ada79f678b66c9411b0e6c0f8028706020ed897eb65651f11f3392fc97407012 2226 jenkins-winstone_0.9.10-jenkins-25+dfsg-0ubuntu2.1.dsc
 fa570faa9f62d2110e2115b4b5710141638d7553e5860c4f8779e141c9c0455d 69749 jenkins-winstone_0.9.10-jenkins-25+dfsg-0ubuntu2.1.debian.tar.gz
Files: 
 63509a37cf66f2342fca6e1bff600e2d 2226 java optional jenkins-winstone_0.9.10-jenkins-25+dfsg-0ubuntu2.1.dsc
 1952bf4fa1403ee938c4c51415de7c4a 69749 java optional jenkins-winstone_0.9.10-jenkins-25+dfsg-0ubuntu2.1.debian.tar.gz
Original-Maintainer: Hudson Ubuntu Packagers <hudson-ubuntu at lists.launchpad.net>

More information about the Oneiric-changes mailing list