svn commit: r433049 - head/security/vuxml
Li-Wen Hsu
lwhsu at FreeBSD.org
Wed Feb 1 16:54:04 UTC 2017
Author: lwhsu
Date: Wed Feb 1 16:54:03 2017
New Revision: 433049
URL: https://svnweb.freebsd.org/changeset/ports/433049
Log:
Document Jenkins Security Advisory 2017-02-01
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Wed Feb 1 16:51:30 2017 (r433048)
+++ head/security/vuxml/vuln.xml Wed Feb 1 16:54:03 2017 (r433049)
@@ -58,6 +58,89 @@ Notes:
* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="5cfa9d0c-73d7-4642-af4f-28fbed9e9404">
+ <topic>jenkins -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>jenkins</name>
+ <range><lt>2.44</lt></range>
+ </package>
+ <package>
+ <name>jenkins-lts</name>
+ <range><lt>2.32.2</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Jenkins Security Advisory:</p>
+ <blockquote cite="https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2017-02-01">
+ <h1>Description</h1>
+ <h5>SECURITY-304 / CVE-2017-2598</h5>
+ <p>Use of AES ECB block cipher mode without IV for encrypting secrets</p>
+ <h5>SECURITY-321 / CVE-2017-2599</h5>
+ <p>Items could be created with same name as existing item</p>
+ <h5>SECURITY-343 / CVE-2017-2600</h5>
+ <p>Node monitor data could be viewed by low privilege users</p>
+ <h5>SECURITY-349 / CVE-2011-4969</h5>
+ <p>Possible cross-site scripting vulnerability in jQuery bundled with timeline widget</p>
+ <h5>SECURITY-353 / CVE-2017-2601</h5>
+ <p>Persisted cross-site scripting vulnerability in parameter names and descriptions</p>
+ <h5>SECURITY-354 / CVE-2015-0886</h5>
+ <p>Outdated jbcrypt version bundled with Jenkins</p>
+ <h5>SECURITY-358 / CVE-2017-2602</h5>
+ <p>Pipeline metadata files not blacklisted in agent-to-master security subsystem</p>
+ <h5>SECURITY-362 / CVE-2017-2603</h5>
+ <p>User data leak in disconnected agents' config.xml API</p>
+ <h5>SECURITY-371 / CVE-2017-2604</h5>
+ <p>Low privilege users were able to act on administrative monitors</p>
+ <h5>SECURITY-376 / CVE-2017-2605</h5>
+ <p>Re-key admin monitor leaves behind unencrypted credentials in upgraded installations</p>
+ <h5>SECURITY-380 / CVE-2017-2606</h5>
+ <p>Internal API allowed access to item names that should not be visible</p>
+ <h5>SECURITY-382 / CVE-2017-2607</h5>
+ <p>Persisted cross-site scripting vulnerability in console notes</p>
+ <h5>SECURITY-383 / CVE-2017-2608</h5>
+ <p>XStream remote code execution vulnerability</p>
+ <h5>SECURITY-385 / CVE-2017-2609</h5>
+ <p>Information disclosure vulnerability in search suggestions</p>
+ <h5>SECURITY-388 / CVE-2017-2610</h5>
+ <p>Persisted cross-site scripting vulnerability in search suggestions</p>
+ <h5>SECURITY-389 / CVE-2017-2611</h5>
+ <p>Insufficient permission check for periodic processes</p>
+ <h5>SECURITY-392 / CVE-2017-2612</h5>
+ <p>Low privilege users were able to override JDK download credentials</p>
+ <h5>SECURITY-406 / CVE-2017-2613</h5>
+ <p>User creation CSRF using GET by admins</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2017-2598</cvename>
+ <cvename>CVE-2017-2599</cvename>
+ <cvename>CVE-2017-2600</cvename>
+ <cvename>CVE-2011-4969</cvename>
+ <cvename>CVE-2017-2601</cvename>
+ <cvename>CVE-2015-0886</cvename>
+ <cvename>CVE-2017-2602</cvename>
+ <cvename>CVE-2017-2603</cvename>
+ <cvename>CVE-2017-2604</cvename>
+ <cvename>CVE-2017-2605</cvename>
+ <cvename>CVE-2017-2606</cvename>
+ <cvename>CVE-2017-2607</cvename>
+ <cvename>CVE-2017-2608</cvename>
+ <cvename>CVE-2017-2609</cvename>
+ <cvename>CVE-2017-2610</cvename>
+ <cvename>CVE-2017-2611</cvename>
+ <cvename>CVE-2017-2612</cvename>
+ <cvename>CVE-2017-2613</cvename>
+ <url>https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2017-02-01</url>
+ </references>
+ <dates>
+ <discovery>2017-02-01</discovery>
+ <entry>2017-02-01</entry>
+ </dates>
+ </vuln>
+
<vuln vid="14ea4458-e5cd-11e6-b56d-38d547003487">
<topic>wordpress -- multiple vulnerabilities</topic>
<affects>
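Review bot: the version bounds look right, since `<range><lt>2.44</lt></range>` for jenkins and `<range><lt>2.32.2</lt></range>` for jenkins-lts match the advisory's fixed releases (weekly 2.44, LTS 2.32.2), and both port variants are covered as the header notes require; one documentation point on the `<description>`: each `<p>` carries only the advisory's one-line issue title, so a reader of `pkg audit` output sees eighteen items with nothing to distinguish, say, SECURITY-383 / CVE-2017-2608 ("XStream remote code execution vulnerability") from the information-disclosure entries. Consider carrying over the advisory's per-issue severity rating into each `<p>`, or at least adding a sentence after `<p>Jenkins Security Advisory:</p>` naming the most serious item so the entry stands on its own. Minor: the `<cvename>` list follows SECURITY-id order, so CVE-2011-4969 and CVE-2015-0886 sit between 2017 CVEs; that is harmless for validation but sorting them would make later cross-checking against the advisory easier.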