svn commit: r415044 - head/security/vuxml
Li-Wen Hsu
lwhsu at FreeBSD.org
Thu May 12 03:44:26 UTC 2016
Author: lwhsu
Date: Thu May 12 03:44:24 2016
New Revision: 415044
URL: https://svnweb.freebsd.org/changeset/ports/415044
Log:
Document Jenkins Security Advisory 2016-05-11
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Wed May 11 23:35:57 2016 (r415043)
+++ head/security/vuxml/vuln.xml Thu May 12 03:44:24 2016 (r415044)
@@ -58,6 +58,60 @@ Notes:
* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="e387834a-17ef-11e6-9947-7054d2909b71">
+ <topic>jenkins -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>jenkins</name>
+ <range><lt>2.2</lt></range>
+ </package>
+ <package>
+ <name>jenkins2</name>
+ <range><lt>2.2</lt></range>
+ </package>
+ <package>
+ <name>jenkins-lts</name>
+ <range><lt>1.651.2</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Jenkins Security Advisory:</p>
+ <blockquote cite="https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11">
+ <h1>Description</h1>
+ <h5>SECURITY-170 / CVE-2016-3721</h5>
+ <p>Arbitrary build parameters are passed to build scripts as environment variables</p>
+ <h5>SECURITY-243 / CVE-2016-3722</h5>
+ <p>Malicious users with multiple user accounts can prevent other users from logging in</p>
+ <h5>SECURITY-250 / CVE-2016-3723</h5>
+ <p>Information on installed plugins exposed via API</p>
+ <h5>SECURITY-266 / CVE-2016-3724</h5>
+ <p>Encrypted secrets (e.g. passwords) were leaked to users with permission to read configuration</p>
+ <h5>SECURITY-273 / CVE-2016-3725</h5>
+ <p>Regular users can trigger download of update site metadata</p>
+ <h5>SECURITY-276 / CVE-2016-3726</h5>
+ <p>Open redirect to scheme-relative URLs</p>
+ <h5>SECURITY-281 / CVE-2016-3727</h5>
+ <p>Granting the permission to read node configurations allows access to overall system configuration</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2016-3721</cvename>
+ <cvename>CVE-2016-3722</cvename>
+ <cvename>CVE-2016-3723</cvename>
+ <cvename>CVE-2016-3724</cvename>
+ <cvename>CVE-2016-3725</cvename>
+ <cvename>CVE-2016-3726</cvename>
+ <cvename>CVE-2016-3727</cvename>
+ <url>https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11</url>
+ </references>
+ <dates>
+ <discovery>2016-05-11</discovery>
+ <entry>2016-05-12</entry>
+ </dates>
+ </vuln>
+
<vuln vid="d9f99491-1656-11e6-94fa-002590263bf5">
<topic>perl5 -- taint mechanism bypass vulnerability</topic>
<affects>
More information about the svn-ports-head
mailing list