[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#702099: RM: jenkins/1.447.2+dfsg-3

Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: rm

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Jenkins 1.447.2 suffers from the critical security vulnerability
identified in http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697617.

The delta in the codebase between 1.447.2 and 1.480.2 makes backporting
the extensive fix to resolve this specific vulnerability extremely
hard; as a result I'm proposing to provide Jenkins via wheezy-backports
and keep tracking the upstream LTS releases.

I think this is the only plan which is realistically sustainable.

Please remove Jenkins from testing.

- -- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.8.0-8-generic (SMP w/8 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBCAAGBQJRMkEFAAoJEL/srsug59jDNp4P/0p1Ko1pvRkzZT3DlBXhvmIm
h/ygc43PIkxj+dvCH0EFfvASvLsU+zQucFapVm2+e5vC8iD/juB2Gi6QAbWIBpue
+beDthDrztnFgdLmWQ707gCurXB3GZ9PyTe9VWOqTU6YWpAjR4iFKsPv2mAVAFHt
qAEDZeNZCwl60dGBsulO3O0S1Hvu/w7awglF+YIiPJOYWdpMiDTGMzOVtXMvIS0r
/ccZ2N3+BoxMgURTGNmCrB4Xr7QK7boQFol/x2PJYLh3Qbm3sVsESlhLRQeVquEC
D01qzkwwiN9J2HwN2leog7RosnLIrt9Xa3VJNdwYCJAmn3sYkw37N3HSa2937BVz
oFwQHiOGbNFTF8IOeRrtMmAYb3kypWpq1ZoGOHJ607yFm3tikiDxl3gTuC/0cx2d
ElZwHc7ew/5LndMTMDYW1gdblXUzW17Jv6aUtnt02Mkkt6vbiz1PuIRU+lohqeE6
UViX99jApROJyRn9XMnY83I6c6KylwyPnfVJapCMblC+WBaEG5PCFZb/8yljePkE
ka2yhopq24ARfwJaAaMTOo0JXevb1uOHW9GsWoQMg/NH6PArwnyI97YeUwUwIX8/
2C1f+Y8raTJ8yxXPFgv/YDshuu/l4k9LRe52er3k5N1BXAAXr2vG0+vd1tlmgPuM
KBioatauHP8hq5k+zO8Y
=tOZg
-----END PGP SIGNATURE-----
Reply to: