Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > linux.debian.maint.java > #8890

bsh (BeanShell) security vulnerability (CVE-2016-2510)

From Stian Soiland-Reyes <stain@apache.org>
Newsgroups linux.debian.maint.java
Subject bsh (BeanShell) security vulnerability (CVE-2016-2510)
Date 2016-02-19 13:20 +0100
Message-ID <r3Scq-4Z3-7@gated-at.bofh.it> (permalink)
Organization linux.* mail to news gateway

Show all headers | View raw

Hi,

BeanShell aka bsh has released a security fix 2.0b6:

https://github.com/beanshell/beanshell/releases/tag/2.0b6

It has been reported to MITRE as CVE-2016-2510.


This might be a good time to address
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700610

and update sid to use the new upstream home of
https://github.com/beanshell/beanshell
(transitioned from apache-extras)


Note that since 2.0b5 the license has changed to Apache License.

2.0b5 should be functionally equivalent to 2.0b4 except the license change.


If you want to backport only the security fix for 2.0b4 jessie, see
https://github.com/beanshell/beanshell/commits/2.0b6

specifically these two commits:

https://github.com/beanshell/beanshell/commit/7c68fde2d6fc65e362f20863d868c112a90a9b49

https://github.com/beanshell/beanshell/commit/1ccc66bb693d4e46a34a904db8eeff07808d2ced


-- 
Stian Soiland-Reyes
Apache Taverna (incubating), Apache Commons RDF (incubating)
http://orcid.org/0000-0001-9842-9718

Back to linux.debian.maint.java | Previous | NextNext in thread | Find similar

Thread

bsh (BeanShell) security vulnerability (CVE-2016-2510) Stian Soiland-Reyes <stain@apache.org> - 2016-02-19 13:20 +0100
  Re: bsh (BeanShell) security vulnerability (CVE-2016-2510) Emmanuel Bourg <ebourg@apache.org> - 2016-02-19 14:40 +0100
    Bug#700610: bsh (BeanShell) security vulnerability (CVE-2016-2510) Stian Soiland-Reyes <stain@apache.org> - 2016-02-19 17:30 +0100
  Re: bsh (BeanShell) security vulnerability (CVE-2016-2510) Markus Koschany <apo@debian.org> - 2016-02-26 15:00 +0100
    Re: bsh (BeanShell) security vulnerability (CVE-2016-2510) Stian Soiland-Reyes <stain@apache.org> - 2016-02-29 13:10 +0100
    Re: bsh (BeanShell) security vulnerability (CVE-2016-2510) Sébastien Delafond <seb@debian.org> - 2016-03-01 14:20 +0100
      Re: bsh (BeanShell) security vulnerability (CVE-2016-2510) Markus Koschany <apo@debian.org> - 2016-03-01 16:10 +0100
        Re: bsh (BeanShell) security vulnerability (CVE-2016-2510) Sébastien Delafond <seb@debian.org> - 2016-03-01 17:10 +0100

csiph-web