From: Thomas Uhle
Newsgroups: linux.debian.bugs.dist,linux.debian.maint.java
Subject: Bug#700610: bsh (BeanShell) security vulnerability (CVE-2016-2510)
Date: Wed, 23 Feb 2022 00:00:01 +0100

Dear maintainers,

a new release of BeanShell was published 14 months ago. You can find the sources of version 2.1.0 on GitHub at

https://github.com/beanshell/beanshell/releases/tag/2.1.0

The new version has not been published on Maven though (where versions from 2.0b4 to 2.0b6 are still the newest releases), but this is explained on GitHub at

https://github.com/beanshell/beanshell/issues/603

Anyway, version 2.1.0 is an official release linked from https://www.beanshell.org/download.html and it is also stated there that version 2.0b4 is now merely a legacy release.

What do you think, wouldn't it be time for an update in Debian?

Best regards,

Thomas Uhle