1
Candidate: CVE-2014-2065
4
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2065
5
https://issues.jenkins-ci.org/browse/SECURITY-77
7
Cross-site scripting (XSS) vulnerability in Jenkins before 1.551 and LTS
8
before 1.532.2 allows remote attackers to inject arbitrary web script or
9
HTML via the iconSize cookie.
11
sarnold> SECURITY-77 isn't visible as of 2014-02-21
14
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=739067
20
upstream: https://github.com/jenkinsci/jenkins/commit/a0b00508eeb74d7033dc4100eb382df4e8fa72e7
21
upstream_jenkins: needed
23
precise_jenkins: ignored (reached end-of-life)
24
precise/esm_jenkins: DNE (precise was needed)
25
quantal_jenkins: ignored (reached end-of-life)
26
saucy_jenkins: ignored (reached end-of-life)
30
vivid/stable-phone-overlay_jenkins: DNE
31
vivid/ubuntu-core_jenkins: DNE