diff options
author | Fathi Boudra <fathi.boudra@linaro.org> | 2016-11-20 08:13:29 +0200 |
---|---|---|
committer | Fathi Boudra <fathi.boudra@linaro.org> | 2016-11-20 06:16:06 +0000 |
commit | 786bc612f7c3535d82cab2648d1f9f86c6e97b81 (patch) | |
tree | b80a7be564648e85a1afd6c3935531ac51d85b80 | |
parent | c215304306e9d88661be5efd6b930a10fa4cf489 (diff) |
jenkins: update jenkins lts to 2.19.3
Fix SECURITY-360 / CVE-2016-9299
An unauthenticated remote code execution vulnerability allowed attackers
to transfer a serialized Java object to the Jenkins CLI, making Jenkins
connect to an attacker-controlled LDAP server, which in turn can send a
serialized payload leading to code execution, bypassing existing
protection mechanisms.
Change-Id: I7ef082865b304915c4ce818e6e813231a31ecf3b
Signed-off-by: Fathi Boudra <fathi.boudra@linaro.org>
Reviewed-on: https://review.linaro.org/15666
-rw-r--r-- | per-service/jenkins/jenkins.yml | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/per-service/jenkins/jenkins.yml b/per-service/jenkins/jenkins.yml index e9c4dc68..7068a1a1 100644 --- a/per-service/jenkins/jenkins.yml +++ b/per-service/jenkins/jenkins.yml @@ -5,7 +5,7 @@ vars: - linaro_android_build_tools_repo: http://git.linaro.org/git/infrastructure/linaro-android-build-tools.git - linaro_android_build_tools_rev: HEAD - - jenkins_version: 2.19.2 + - jenkins_version: 2.19.3 - jenkins_extra_users: files/jenkins_users.xml vars_files: # Include private settings only if they exist - not all modes need |