Tags: security upstream
Several issues were mentioned in Red Hat Bugzilla at  referencing
the issue which creates executables class files with wrong permissions
At least it seems present in the Debian package that the package
writes to /usr/share. In the SuSE bugzilla there are some links to
fixes applied in SuSE.
Could you please double-check the jython package in Debian?
This is the maintainer address of Debian's Java team
debian-j...@lists.debian.org for discussions and questions.