{"id":"MGASA-2016-0162","summary":"Updated jenkins-remoting packages fix CVE-2016-0792","details":"Updated jenkins-remoting packages fix security vulnerability:\n\nJenkins has several API endpoints that allow low-privilege users to POST \nXML files that then get deserialized by Jenkins. Maliciously crafted XML \nfiles sent to these API endpoints could result in arbitrary code execution.\n(SECURITY-247 / CVE-2016-0792)\n","modified":"2026-01-31T17:16:00.058620Z","published":"2016-05-05T16:26:44Z","related":["CVE-2016-0792"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2016-0162.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=18033"},{"type":"REPORT","url":"https://lists.fedoraproject.org/pipermail/package-announce/2016-March/179009.html"},{"type":"REPORT","url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-02-24"}],"affected":[{"package":{"name":"jenkins-remoting","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/jenkins-remoting?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.53.3-1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2016-0162.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}