| Path | csiph.com!newsfeed.xs4all.nl!newsfeed9.news.xs4all.nl!bofh.it!news.nic.it!robomod |
|---|---|
| From | Thomas Uhle <thomas.uhle@mailbox.tu-dresden.de> |
| Newsgroups | linux.debian.bugs.dist, linux.debian.maint.java |
| Subject | Bug#700610: bsh (BeanShell) security vulnerability (CVE-2016-2510) |
| Date | Fri, 25 Feb 2022 22:40:01 +0100 |
| Message-ID | <DUQtH-4koS-13@gated-at.bofh.it> (permalink) |
On Wed, 23 Feb 2022, Thorsten Glaser wrote:

> On Tue, 22 Feb 2022, Thomas Uhle wrote:
>
> > What do you think, wouldn't it be time for an update in Debian?
>
> The comment
>
> at https://github.com/beanshell/beanshell/issues/603 .
> reads for me more like a “maybe remove it instead…”.
>
> Honestly though, if it’s not available in Central, upstreams will
> not use it and stick to old beta versions. If Debian has a newer
> one, which may be incompatible, we’re inviting problems.

That might be true although the BeanShell developers claim in their announcement of version 2.1.0 to be backward compatible with version 2.0b6, and only suitable backports from the upcoming version 3.0 of BeanShell have made it into version 2.1.0. But even then Debian could move on to version 2.0b6 at least. It is the latest version of BeanShell on Maven Central.

Perhaps we might have a better picture after a look at other Linux distributions. Arch, Fedora and Mageia for instance already have version 2.1.0 onboard whereas Gentoo, OpenMandriva, openSUSE and Red Hat stay with version 2.0b6 (... to name just a few). So it is quite mixed. But I haven't seen any Linux distribution so far (apart from those derived from Debian like Linux Mint, Ubuntu, etc.) that still has version 2.0b4.

It seems that both decisions (either to update to version 2.1.0 or to version 2.0b6) are reasonable.

Best regards,

Thomas Uhle
bsh (BeanShell) security vulnerability (CVE-2016-2510) Stian Soiland-Reyes <stain@apache.org> - 2016-02-19 13:20 +0100
Re: bsh (BeanShell) security vulnerability (CVE-2016-2510) Emmanuel Bourg <ebourg@apache.org> - 2016-02-19 14:40 +0100
Bug#700610: bsh (BeanShell) security vulnerability (CVE-2016-2510) Stian Soiland-Reyes <stain@apache.org> - 2016-02-19 17:30 +0100
Bug#700610: bsh (BeanShell) security vulnerability (CVE-2016-2510) Thomas Uhle <thomas.uhle@mailbox.tu-dresden.de> - 2022-02-23 00:00 +0100
Bug#700610: bsh (BeanShell) security vulnerability (CVE-2016-2510) Thorsten Glaser <t.glaser@tarent.de> - 2022-02-23 00:40 +0100
Bug#700610: bsh (BeanShell) security vulnerability (CVE-2016-2510) Thomas Uhle <thomas.uhle@mailbox.tu-dresden.de> - 2022-02-25 22:40 +0100
Re: bsh (BeanShell) security vulnerability (CVE-2016-2510) Markus Koschany <apo@debian.org> - 2016-02-26 15:00 +0100
Re: bsh (BeanShell) security vulnerability (CVE-2016-2510) Stian Soiland-Reyes <stain@apache.org> - 2016-02-29 13:10 +0100
Re: bsh (BeanShell) security vulnerability (CVE-2016-2510) Sébastien Delafond <seb@debian.org> - 2016-03-01 14:20 +0100
Re: bsh (BeanShell) security vulnerability (CVE-2016-2510) Markus Koschany <apo@debian.org> - 2016-03-01 16:10 +0100
Re: bsh (BeanShell) security vulnerability (CVE-2016-2510) Sébastien Delafond <seb@debian.org> - 2016-03-01 17:10 +0100