More info here: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2017-02-01
One bug is enough. We will use bug 607932.