Comment 13 for bug 889181

Jamie Strandboge (jdstrand) wrote :

jenkins-winstone (0.9.10-jenkins-25+dfsg-0ubuntu2.1) oneiric-security; urgency=low

  * SECURITY UPDATE: XSS vulnerability in default error pages.
    - debian/patches/fix_xss.patch: escape error messages which are supposed
      to be plain text and not markup in
      src/java/winstone/ErrorServlet.java,
      src/java/winstone/URIUtil.java,
      src/java/winstone/WinstoneResponse.java
    - http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2011-11-08.cb
  * d/maven.{properties,ignoreRules}: Disabled testing as htmlunit is
    currently broken in 11.10.