Ubuntu
jenkins-winstone package

lp:~james-page/ubuntu/quantal/jenkins-winstone/CVE-2012-6072

Quantal (12.10)
CVE-2012-6072

Created by James Page on 2013-01-10 and last modified on 2013-01-10

Get this branch:: bzr branch lp:~james-page/ubuntu/quantal/jenkins-winstone/CVE-2012-6072

Only James Page can upload to this branch. If you are James Page please log in for upload directions.

Branch merges

No branches dependent on this one.

High

Fix Released

Link a bug report

Related blueprints

Branch information

Owner:: James Page

Status:: Development

Recent revisions

10. By James Page on 2013-01-10: * SECURITY UPDATE: HTTP splitting vulnerability (LP: #1098135):
  - d/p/CVE-2012-6072.patch: Cherry picked fix from upstream VCS
    which prevents HTTP headers being split into multiple lines.
  - CVE-2012-6072
9. By James Page on 2012-06-21: * New upstream release:
  - d/patches/java-1.6.patch: Dropped - upstream is now Java 6 compatible.
  - d/control: Add new dependency on libmaven-enforcer-plugin-java.
* Fix FTBFS with openjdk-7 (LP: #888947):
  - d/patches/java7-compat.patch: Add stub methods and allow compilation
    with Java 6+.
8. By James Page on 2012-04-26: * New upstream release.
* Bumped Standards-Version to 3.9.3:
- d/copyright: Switched Format to reference release version of DEP-5.
* Added missing patch headers.
7. By James Page on 2012-01-16: Fake sync due to mismatching orig tarball.
6. By James Page on 2012-01-13: * New upstream release:
  - http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-01-10.cb
    Fix Hash DoS vulnerability with HTTP parameters by restricting the
    number of parameters in any HTTP request.
    (LP: #914628)
5. By James Page on 2011-11-09: New upstream release.
4. By James Page on 2011-09-19: * Initial Debian release (Closes: #634652)
* New upstream release
3. By James Page on 2011-08-18: * Support offline validation of XML configuration files (LP: #827651):
  - debian/patches/specification-resources.patch: CDDL/GPL-2 licensed
    xsd+DTD resources for all servlet, jsp and j2ee specifications.
  - debian/copyright: documented copyright + license for
    specification-resources.patch.
  - debian/control: Removed dependency on libservlet2.5-java, no longer
    required.
  - debian/patches/series,debian/patches/use_system_servletapi.patch:
    Dropped patch as no longer required.
  - debian/libjenkins-winstone-java.classpath: Dropped as all required
    resources are now included in winstone.
2. By James Page on 2011-06-29: Initial release
1. By James Page on 2011-06-29: Import upstream version 0.9.10-jenkins-25+dfsg

Branch metadata

Branch format:: Branch format 7

Repository format:: Bazaar repository format 2a (needs bzr 1.16 or later)

Stacked on:: lp:ubuntu/raring/jenkins-winstone

This branch contains Public information

Everyone can see this information.

Subscribers

James Page

Ubuntujenkins-winstone package

lp:~james-page/ubuntu/quantal/jenkins-winstone/CVE-2012-6072

Branch merges

Related source package recipes

Related snap packages

Related bugs