
Bug#702099: marked as done (RM: jenkins/1.447.2+dfsg-3)



Your message dated Sat, 02 Mar 2013 18:20:31 +0000
with message-id <1362248431.11072.33.camel@jacala.jungle.funky-badger.org>
and subject line Re: Bug#702099: RM: jenkins/1.447.2+dfsg-3
has caused the Debian Bug report #702099,
regarding RM: jenkins/1.447.2+dfsg-3
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
702099: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702099
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: rm

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Jenkins 1.447.2 suffers from the critical security vulnerability
identified in http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697617.

The delta in the codebase between 1.447.2 and 1.480.2 makes backporting
the extensive fix to resolve this specific vulnerability extremely
hard; as a result I'm proposing to provide Jenkins via wheezy-backports
and keep tracking the upstream LTS releases.

I think this is the only plan which is realistically sustainable.

Please remove Jenkins from testing.

- -- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.8.0-8-generic (SMP w/8 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

-----END PGP SIGNATURE-----

--- End Message ---
--- Begin Message ---
On Sat, 2013-03-02 at 18:12 +0000, James Page wrote:
> Jenkins 1.447.2 suffers from the critical security vulnerability
> identified in http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697617.
[...]
> Please remove Jenkins from testing.

Removal hint added, together with jenkins-instance-identity and
jenkins-ssh-cli-auth, which have build-dependencies on jenkins (and
presumably don't make sense without it).

Regards,

Adam

--- End Message ---
