lp:~james-page/ubuntu/quantal/jenkins-winstone/CVE-2012-6072
- Get this branch:
- bzr branch lp:~james-page/ubuntu/quantal/jenkins-winstone/CVE-2012-6072
Branch merges
Branch information
- Owner:
- James Page
- Status:
- Development
Recent revisions
- 10. By James Page
-
* SECURITY UPDATE: HTTP splitting vulnerability (LP: #1098135):
- d/p/CVE-2012-6072. patch: Cherry picked fix from upstream VCS
which prevents HTTP headers being split into multiple lines.
- CVE-2012-6072 - 9. By James Page
-
* New upstream release:
- d/patches/java-1. 6.patch: Dropped - upstream is now Java 6 compatible.
- d/control: Add new dependency on libmaven-enforcer- plugin- java.
* Fix FTBFS with openjdk-7 (LP: #888947):
- d/patches/java7-compat. patch: Add stub methods and allow compilation
with Java 6+. - 8. By James Page
-
* New upstream release.
* Bumped Standards-Version to 3.9.3:
- d/copyright: Switched Format to reference release version of DEP-5.
* Added missing patch headers. - 6. By James Page
-
* New upstream release:
- http://www.cloudbees. com/jenkins- advisory/ jenkins- security- advisory- 2012-01- 10.cb
Fix Hash DoS vulnerability with HTTP parameters by restricting the
number of parameters in any HTTP request.
(LP: #914628) - 3. By James Page
-
* Support offline validation of XML configuration files (LP: #827651):
- debian/patches/ specification- resources. patch: CDDL/GPL-2 licensed
xsd+DTD resources for all servlet, jsp and j2ee specifications.
- debian/copyright: documented copyright + license for
specification-resources. patch.
- debian/control: Removed dependency on libservlet2.5-java, no longer
required.
- debian/patches/ series, debian/ patches/ use_system_ servletapi. patch:
Dropped patch as no longer required.
- debian/libjenkins- winstone- java.classpath: Dropped as all required
resources are now included in winstone.
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/raring/jenkins-winstone