Re: bsh (BeanShell) security vulnerability (CVE-2016-2510)

From Markus Koschany <apo@debian.org>
Newsgroups linux.debian.maint.java
Subject Re: bsh (BeanShell) security vulnerability (CVE-2016-2510)
Date 2016-03-01 16:10 +0100
Message-ID <r7U5Y-2ju-21@gated-at.bofh.it>
References <r3Scq-4Z3-7@gated-at.bofh.it> <r6r62-44C-7@gated-at.bofh.it> <r7Snw-1ci-9@gated-at.bofh.it>
Organization linux.* mail to news gateway


On 01.03.2016 at 14:17, Sébastien Delafond wrote:
> On Feb/26, Markus Koschany wrote:
>> On 19.02.2016 at 13:10, Stian Soiland-Reyes wrote:
>>> Hi,
>>>
>>> BeanShell aka bsh has released a security fix 2.0b6:
>>>
>>> https://github.com/beanshell/beanshell/releases/tag/2.0b6
>>>
>>> It has been reported to MITRE as CVE-2016-2510.
>>
>> Hi Stian,
>>
>> I intend to backport your changes to fix CVE-2016-2510. Looking at the
>> relevant commits, I could condense the changes to create the attached
>> patch. Could you take a look at it and confirm that this is sufficient?
> 
> Hi Markus,
> 
> now that upstream has validated your patch, do you intend to package and
> upload fixed versions for both wheezy- and jessie-security? In that
> case, I'd be happy to validate both your debdiffs prior to your
> uploading, and then we can release the DSA.
> 

Hi Seb,

Thanks for your assistance. I'm attaching the proposed debdiff for bsh
in Wheezy and Jessie. I can upload anytime.

P.S.: If time permits, please let me know how we should proceed with
Tomcat 6 in Wheezy.

Regards,

Markus



Thread

bsh (BeanShell) security vulnerability (CVE-2016-2510) Stian Soiland-Reyes <stain@apache.org> - 2016-02-19 13:20 +0100
  Re: bsh (BeanShell) security vulnerability (CVE-2016-2510) Emmanuel Bourg <ebourg@apache.org> - 2016-02-19 14:40 +0100
    Bug#700610: bsh (BeanShell) security vulnerability (CVE-2016-2510) Stian Soiland-Reyes <stain@apache.org> - 2016-02-19 17:30 +0100
  Re: bsh (BeanShell) security vulnerability (CVE-2016-2510) Markus Koschany <apo@debian.org> - 2016-02-26 15:00 +0100
    Re: bsh (BeanShell) security vulnerability (CVE-2016-2510) Stian Soiland-Reyes <stain@apache.org> - 2016-02-29 13:10 +0100
    Re: bsh (BeanShell) security vulnerability (CVE-2016-2510) Sébastien Delafond <seb@debian.org> - 2016-03-01 14:20 +0100
      Re: bsh (BeanShell) security vulnerability (CVE-2016-2510) Markus Koschany <apo@debian.org> - 2016-03-01 16:10 +0100
        Re: bsh (BeanShell) security vulnerability (CVE-2016-2510) Sébastien Delafond <seb@debian.org> - 2016-03-01 17:10 +0100