Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 18 Jul 2018 23:15:44 +0000 (UTC)
From:      Li-Wen Hsu <lwhsu@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r474916 - head/security/vuxml
Message-ID:  <201807182315.w6INFico092176@repo.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: lwhsu
Date: Wed Jul 18 23:15:43 2018
New Revision: 474916
URL: https://svnweb.freebsd.org/changeset/ports/474916

Log:
  Update CVE number of 20a1881e-8a9e-11e8-bddf-d017c2ca229d
  
  Sponsored by:	The FreeBSD Foundation

Modified:
  head/security/vuxml/vuln.xml

Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml	Wed Jul 18 23:13:29 2018	(r474915)
+++ head/security/vuxml/vuln.xml	Wed Jul 18 23:15:43 2018	(r474916)
@@ -75,24 +75,31 @@ Notes:
 	<p>Jenkins Security Advisory:</p>
 	<blockquote cite="https://jenkins.io/security/advisory/2018-07-18/">;
 	  <h1>Description</h1>
-	  <h5>(High) SECURITY-897 / CVE pending</h5>
+	  <h5>(High) SECURITY-897 / CVE-2018-1999001</h5>
 	  <p>Users without Overall/Read permission can have Jenkins reset parts of global configuration on the next restart </p>
-	  <h5>(High) SECURITY-914 / CVE pending</h5>
+	  <h5>(High) SECURITY-914 / CVE-2018-1999002</h5>
 	  <p>Arbitrary file read vulnerability</p>
-	  <h5>(Medium) SECURITY-891 / CVE pending</h5>
+	  <h5>(Medium) SECURITY-891 / CVE-2018-1999003</h5>
 	  <p>Unauthorized users could cancel queued builds</p>
-	  <h5>(Medium) SECURITY-892 / CVE pending</h5>
+	  <h5>(Medium) SECURITY-892 / CVE-2018-1999004</h5>
 	  <p>Unauthorized users could initiate and abort agent launches</p>
-	  <h5>(Medium) SECURITY-944 / CVE pending</h5>
+	  <h5>(Medium) SECURITY-944 / CVE-2018-1999005</h5>
 	  <p>Stored XSS vulnerability</p>
-	  <h5>(Medium) SECURITY-925 / CVE pending</h5>
+	  <h5>(Medium) SECURITY-925 / CVE-2018-1999006</h5>
 	  <p>Unauthorized users are able to determine when a plugin was extracted from its JPI package</p>
-	  <h5>(Medium) SECURITY-390 / CVE pending</h5>
+	  <h5>(Medium) SECURITY-390 / CVE-2018-1999007</h5>
 	  <p>XSS vulnerability in Stapler debug mode</p>
 	</blockquote>
       </body>
     </description>
     <references>
+      <cvename>CVE-2018-1999001</cvename>
+      <cvename>CVE-2018-1999002</cvename>
+      <cvename>CVE-2018-1999003</cvename>
+      <cvename>CVE-2018-1999004</cvename>
+      <cvename>CVE-2018-1999005</cvename>
+      <cvename>CVE-2018-1999006</cvename>
+      <cvename>CVE-2018-1999007</cvename>
       <url>https://jenkins.io/security/advisory/2018-07-18/</url>;
     </references>
     <dates>



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201807182315.w6INFico092176>