author    lwhsu <lwhsu@FreeBSD.org>  2017-02-02 00:54:03 +0800
committer lwhsu <lwhsu@FreeBSD.org>  2017-02-02 00:54:03 +0800
commit    6a9d4e188411168ce0d7ffb6ef03c84d17d34f68 (patch)
tree      b35df1325aa44d9d5ae5ac1383141164e7be2c3b
parent    b61a03500125cb6ed4de23c8b9303b78d504a78f (diff)
Document Jenkins Security Advisory 2017-02-01
-rw-r--r--  security/vuxml/vuln.xml  83
1 files changed, 83 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index d1955971d84a..895fd566504f 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -58,6 +58,89 @@ Notes:
* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="5cfa9d0c-73d7-4642-af4f-28fbed9e9404">
+ <topic>jenkins -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>jenkins</name>
+ <range><lt>2.44</lt></range>
+ </package>
+ <package>
+ <name>jenkins-lts</name>
+ <range><lt>2.32.2</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Jenkins Security Advisory:</p>
+ <blockquote cite="https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2017-02-01">
+ <h1>Description</h1>
+ <h5>SECURITY-304 / CVE-2017-2598</h5>
+ <p>Use of AES ECB block cipher mode without IV for encrypting secrets</p>
+ <h5>SECURITY-321 / CVE-2017-2599</h5>
+ <p>Items could be created with same name as existing item</p>
+ <h5>SECURITY-343 / CVE-2017-2600</h5>
+ <p>Node monitor data could be viewed by low privilege users</p>
+ <h5>SECURITY-349 / CVE-2011-4969</h5>
+ <p>Possible cross-site scripting vulnerability in jQuery bundled with timeline widget</p>
+ <h5>SECURITY-353 / CVE-2017-2601</h5>
+ <p>Persisted cross-site scripting vulnerability in parameter names and descriptions</p>
+ <h5>SECURITY-354 / CVE-2015-0886</h5>
+ <p>Outdated jbcrypt version bundled with Jenkins</p>
+ <h5>SECURITY-358 / CVE-2017-2602</h5>
+ <p>Pipeline metadata files not blacklisted in agent-to-master security subsystem</p>
+ <h5>SECURITY-362 / CVE-2017-2603</h5>
+ <p>User data leak in disconnected agents' config.xml API</p>
+ <h5>SECURITY-371 / CVE-2017-2604</h5>
+ <p>Low privilege users were able to act on administrative monitors</p>
+ <h5>SECURITY-376 / CVE-2017-2605</h5>
+ <p>Re-key admin monitor leaves behind unencrypted credentials in upgraded installations</p>
+ <h5>SECURITY-380 / CVE-2017-2606</h5>
+ <p>Internal API allowed access to item names that should not be visible</p>
+ <h5>SECURITY-382 / CVE-2017-2607</h5>
+ <p>Persisted cross-site scripting vulnerability in console notes</p>
+ <h5>SECURITY-383 / CVE-2017-2608</h5>
+ <p>XStream remote code execution vulnerability</p>
+ <h5>SECURITY-385 / CVE-2017-2609</h5>
+ <p>Information disclosure vulnerability in search suggestions</p>
+ <h5>SECURITY-388 / CVE-2017-2610</h5>
+ <p>Persisted cross-site scripting vulnerability in search suggestions</p>
+ <h5>SECURITY-389 / CVE-2017-2611</h5>
+ <p>Insufficient permission check for periodic processes</p>
+ <h5>SECURITY-392 / CVE-2017-2612</h5>
+ <p>Low privilege users were able to override JDK download credentials</p>
+ <h5>SECURITY-406 / CVE-2017-2613</h5>
+ <p>User creation CSRF using GET by admins</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2017-2598</cvename>
+ <cvename>CVE-2017-2599</cvename>
+ <cvename>CVE-2017-2600</cvename>
+ <cvename>CVE-2011-4969</cvename>
+ <cvename>CVE-2017-2601</cvename>
+ <cvename>CVE-2015-0886</cvename>
+ <cvename>CVE-2017-2602</cvename>
+ <cvename>CVE-2017-2603</cvename>
+ <cvename>CVE-2017-2604</cvename>
+ <cvename>CVE-2017-2605</cvename>
+ <cvename>CVE-2017-2606</cvename>
+ <cvename>CVE-2017-2607</cvename>
+ <cvename>CVE-2017-2608</cvename>
+ <cvename>CVE-2017-2609</cvename>
+ <cvename>CVE-2017-2610</cvename>
+ <cvename>CVE-2017-2611</cvename>
+ <cvename>CVE-2017-2612</cvename>
+ <cvename>CVE-2017-2613</cvename>
+ <url>https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2017-02-01</url>
+ </references>
+ <dates>
+ <discovery>2017-02-01</discovery>
+ <entry>2017-02-01</entry>
+ </dates>
+ </vuln>
+
<vuln vid="14ea4458-e5cd-11e6-b56d-38d547003487">
<topic>wordpress -- multiple vulnerabilities</topic>
<affects>
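Review bot: the `<h1>Description</h1>` heading at the top of the `<blockquote>` adds nothing beyond the `<p>Jenkins Security Advisory:</p>` lead-in and renders as a page-level heading inside a quoted description; drop it, and consider collapsing the eighteen `<h5>`/`<p>` pairs into a single `<ul>` of `<li>SECURITY-304 / CVE-2017-2598: Use of AES ECB block cipher mode without IV for encrypting secrets</li>` style items, which is the shape most existing vuln.xml entries use and keeps the XHTML body compact. The rest of the entry checks out against itself: the eighteen `<cvename>` references match the eighteen `SECURITY-nnn / CVE-...` headings one for one and in the same order (including the two older third-party identifiers, CVE-2011-4969 for the bundled jQuery and CVE-2015-0886 for jbcrypt), the `<lt>2.44</lt>` / `<lt>2.32.2</lt>` ranges cover both the `jenkins` and `jenkins-lts` packages, and the `<discovery>` and `<entry>` dates agree with the advisory date in the `<url>`.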